I was told by a colleague that WordPress was being discussed on the privacy subject. Now I don’t want to go into that discussion, but I encountered a post by Ryan Finnie about $_SERVER variables being send to the Akismet server.
If you plan to use HTTP authentication and use Akismet it’s a wise idea to patch your Akismet with the patch provided Ryan Finnie. This because otherwise your login data is send to the Akismet server every time it checks the comment post. True, having both Akismet and HTTP authentication is a bit strange, but I think it’s better to remove such data then to have it transferred to Akismet.
I hope Matt will accept this bug as being valid.
I also found some other items about the need to send $_SERVER in total. Certinately the enhanced akismet plugin sounds like a good alternative.