Let me tell you a story.
When we launched in alpha 59sec.com, we also launched a live demo: http://www.59sec.com/test/ with a simple (subscriber role) test user:
http://www.59sec.com/test/wp-login.php
user: test
pass: 123456789
In one sunny day, we figure it out that we cannot login on this test account, and also NONE of the clients who wanted to test it.
What happened?
There was a “well intended” Indian guy that changed the password and the user’s email. Simple and effective, just because he could 🙂
So, we realized that we had to protect the wordpress test user from further modifications, that’s why we created a simple plugin, against vandalism, called WP User Vandalism Protection
This plugin we made it available for free in the WordPress repository. It saved us of a lot of trouble and we hope will help also other developers as well! 🙂
http://wordpress.org/plugins/wp-user-vandalism-protection/