Instead of promptly slamming shut ideas, can there be a little exploration for how they could be made to work at a reasonable level of security?
Do you read that I wrote: This is a way to go?
Talking on how to implement security for a web based business is not the right place here. This is a well known issue allready solved on some million other websites. Somebody working in the internet business sould be familar with how to do it.
The absolutly wrong strategy is what ShareCG did (for whatever reason): No security provisions at all.