This can easily be tested in password recovery. Other parts of FD might be impacted.
This can cause bugs or allow HTML/javascript injection.