Sorry that I missed your post. During the process of creating infiledge, I really do learn a lot especially dealing with facebook api (Login function).
For normal forms - where users key in their information through infiledge, I do encryption for password for security reasons (I believe most website uses encryption for passwords) However, I did implement the functionality of sending emails to users after they registered with Infiledge yet since I do not have a proper SMTP server for this function yet. Although you can use gmail or hotmail as your email but I decide to delay it a bit as I feel that this function is not as critical as it seems because currently infiledge has very few users in it.
I believe that it is not secure to put user information in the url parameter, thus try not to do that because hacking might occur if someone else could execute sql injection to your database and corrupt it or steal information from your database.
For login, I will do comparison of password and the username, that's all for my registration. I do not have status for the user account as all user who registered with infiledge as automatically set as activated.
If you are interested in exploring facebook login, do drop me a msg. it will be fun doing it