I installed phpseclib because I needed to do some AES encryption in my project. After all the hassle of installing php lib, I found out that Yii already has a security module (securityManager). I finally decided to keep using phpseclib because it has one big advantage over Yii securityManager module, it does not requite mcrypt to be installed in the phpserver!
In order to avoid bounce messages and unsolicited registrations, most webapps send automatic activation emails upon user registration, and the account remain inactive as long as it is not activated. Better yet, you can periodically purge your data by removing accounts that have not yet been activated.
In doing internet searches trying to learn how to incorporated ajax into web pages generated by the yii framework I noticed that there seems to be a lot of confusion. I worry that too-clever hacks will be broken in upgrades of the framework.
I've seen lot of people struggling in finding a way to hide the script name when installing their Yii Application. In an Apache environment everything is well documented in this wiki article, but for those who are running their app on a Windows Server machine there are no hints.