I've always pushed for a "Report PT" option so users can report spam/abuse; a PT would then be readable by admin's in the CP to sort any "problems". Would keep PT's private except when a user involved wants to flag it abusive.
I agree, if someone says they are being spammed or harassed i ask them to set a temp password and than I login. I never become a member, only time I ever did was when people had issues resetting passwords but now I just create a md5 hash and change via phpmyadmin.
I hate the idea of login in as anyone without permission.
