Makes a lot of sense Craig. As you say, it is no more vulnerable than most (nearly all?) login/password sites as they utilize email for forgotten passwords. I am a big fan of passwordless (when appropriate) - and implemented it in a different fashion for 2 of our casual sites: LooseLeaves and DoitDoitDone. Here we just generate a unique access URL for each item. Its very low security, but also very convenient and anonymous.