2010-03-01, 08:34 AM
Mmh.. he probably can somehow decrypt what the link to reset your password/PIN/PIC says and change it so that it "says" to the server that it needs to send the reseted password/PIN/PIC to whatever e-mail he wants, and encrypt it back.

