So here's the scenario.
I updated my password to my account, on the website. It was due.
I logged in the Mac app version of the game in order to make sure I could login and assuming that because I have a new password it would require it.
It did not and took me right into the game. Even after watching the 'updating account' log scroll by as it went though startup.
I was not logged into WGT on any browser, they were closed. I even fired them up and logged out of FF, Safari wasn't even setup with the new password entered in.
In the game I went into the Proshop and selected a club to purchase. It redirected me right into the 'Purchase Credit' section of the website, on safari which I had not as yet logged into with the new password. So I was now in my WGT account page in Safari without having entered the new password, apparently.
Not concerned about anything to do with the information on the site and being able to exploit anything to do with credits and the account. Just more that the account security update protocols as of yet don't appear to be used in the EA of the game, well the Mac app anyway.
Updating or logging into the website doesn't affect the game, on a Mac anyway. If the game is updating player profile info it should catch that the password has been changed and require the new one be entered to login and play.
Just thought I'd throw this up, see if anyone has noticed this on the PC
install. I can't verify the Steam version as I'm not using it anymore.