This gives me an idea, it would be cool to implement account verification somehow by having accounts sign a message (e.g. the website's domain) with a private key corresponding to a known public key. Then they could prove they own the private key by signing their own domain with the same key and putting that on their website. That's very manual obviously, but it could be systematized I bet.