When clicking on the RSS XML Feed button at the bottom of a page using Internet Explorer 6.0, the username and IP address is displayed like this (sanitized, of course):
text/html 2005-08-09T01:53:31+01:00
username@xxx.xxx.xxx.xxx
Title of page
Link
Data from the page.
---
When using Firefox, the username and IP address are not displayed (and it looks much better too). HOWEVER, the username and IP address are in the source of the page.
I have not tested it with any other browsers.
This presents some obvious security implications:
First, by providing a username, the wiki is vulerable to a brute-force password attack.
Second, by providing the IP address, the anyonminity of users is exposed, a user's machine may become a target of someone that disagrees with comments posted, the posters is subject to a man-in-the-middle style attack, etc.
I suggest adding the ablity to disable this functionality.