Add functions to change enabled and password programmatically. This 
would allow programmers to create a password recovery feature, or 
disable a user if a hacking attempt was detected.

Add functionality to allow other HTML fields such as color, email, etc...
This could probably be done by change <INPUT type='text' ... to
<INPUT type='%s' ...> if it turns out all of the other new classes are
of the same structure. Then, we could take type='text' and use the template
named 'default' and, any time a field was created with an unknown type
simply take the type and paste it into the default template.

Set up a password recovery that would change the users password, then 
e-mail the new password to them. See if maybe the programmer would be 
able to override the password recovery with an external function?