Hi,

When you want to create tickets using folks without an account (using reCAPTCHA of course), the ticket URL can be read by anyone...

http://yourdomain.com/help?issue=30001 for example can be manually incremented by any user and you can read other users tickets.

If you change it to this, with some type of a hash in the issue field, then you can have tickets that cannot be read by others very easily.

http://yourdomain.com/help?issue=nr93mg9fla945mgcxa would be the result, which could map to the internal ticket ID in the admin interface.

This way you can have inquiries without unnecessary accounts being created. You may have customers who:

1. Lost login info and want to know how to get it
2. Ask a general question.

The above would make handling this type of request more secure.