This is minor and mainly relates to those that have forums that aren't accessible to all usergroups and want to maintain the privacy of those users who do.

URLs of the sort:

member.php?action=getinfo&find=lastposter&threadid=xxxxxx
member.php?action=getinfo&find=firstposter&threadid=xxxxxx


Shouldn't it check to see if the thread is in a forum that the user has permission to view?

Else a curious troublemaker could go about finding out who has special privileges or what not (when they try to access the thread and get the invalid error.....)