I remember one place that had a "wall" plugin at login where you could leave public messages, and the BBS software also included some special escape sequences that would resolve to the current user's name, phone number, etc. Not a real security hole since you could only show someone their own information, but it was bags of laughs to post something like "Hey <firstname>, I've been trying to get hold of you all week! Isn't your home # <phonenumber>?"