Restrict the set of permissions granted to `self.user` in owned ACL mixins. Add a `PersonalMixin` for content other users shouldn't see.
0.4
Stop forcing passwords to lower case. Note that this is a fairly major API change and means that existing user accounts may need to log in with lower case passwords where before they were using upper case.
0.3
Limit `/auth/logout` to POST requests.
Provide account management features (thanks to amarandon):