* Instead of hiding read-restricted modules, throw an error when a user without read rights tries to use them
* Do the same for write modules when $wgEnableWriteAPI is false
* Indicate whether a module needs read or write rights in action=help and action=paraminfo
* BREAKING CHANGE: action=purge now requires write rights and, for anonymous users, a POST request
* Title::moveTo() has been returning a getUserPermissionsErrors()-like array for ages now, let's use it correctly in ApiMove and skip the double-checks
* Remove some outdated TODO/FIXME comments
* Recipient name seems to be output raw into HTML form; this is insecure
* We've lost the link to the target's user page in the primary use case (followed 'email this user' link)
* Behavior if you misspell a name doesn't look very nice; you can't just fix it and resubmit the form, you have to hit 'back' from an error page and hope your browser isn't one that deletes all your form data :D
