
You can `bin/auth recover` a mailing list administrator, and get a confusing error when you do
Closed, ResolvedPublic

Description

No one should really ever do this, but someone did, and our behavior when you do isn't great.

Event Timeline

epriestley raised the priority of this task from to Low.
epriestley updated the task description.
epriestley added a project: Auth.
epriestley mentioned this in Z1336: General Chat.
epriestley added a subscriber: epriestley.

Specifically:

  • Mailing list users can currently be made into administrators. We should probably prevent this, because it seems silly. (Making a daemon an administrator is still silly, but doesn't seem completely unreasonable.)
  • Regardless, users can be marked as mailing lists and also as administrators in the database.
  • bin/auth recover will let you recover users who cannot establish web login sessions as long as they are administrators, but should not.
  • When you recover such a user, a misleading error message is shown (session invalid). Instead, recovery should fail explicitly and/or the session error message should point at the root cause more directly.

I guess I'm sort of OK with letting you make mailing lists administrators so they can pick up policy stuff. This is definitely pretty silly but maybe not only silly, and wouldn't hurt anything except for the other issues.
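The failure mode described in this task, modelled as an added example (this is not Phabricator's own code, and the user flags, the in-memory link table and the helper names below are assumptions made for illustration). The naive recovery path gates only on the administrator flag, so a mailing-list administrator gets a one-time login link that later fails with a generic "session invalid"; the checked path refuses up front and names the root cause.

```python
"""Illustrative pre-flight check for an administrative account-recovery command.

Added example, not Phabricator's code. It models the two behaviours the task
contrasts: minting a recovery link for a user who can never hold a web session
(the confusing failure) versus refusing explicitly with the real reason.
"""

import secrets
from dataclasses import dataclass


@dataclass
class User:
    # Flags are an assumed simplification of a user record.
    username: str
    is_admin: bool = False
    is_mailing_list: bool = False
    is_disabled: bool = False


# In-memory stand-in for the persisted one-time-login token table (assumed).
ONE_TIME_LINKS = {}


def session_block_reason(user):
    """Return why this user cannot establish a web login session, or None.

    The most fundamental reason (account type) is reported before state flags
    so that an operator sees the root cause rather than a symptom.
    """
    if user.is_mailing_list:
        return "mailing list users cannot log in"
    if user.is_disabled:
        return "user is disabled"
    return None


def issue_one_time_login_token(user):
    """Mint an unguessable one-time token bound to the user."""
    token = secrets.token_urlsafe(16)
    ONE_TIME_LINKS[token] = user
    return token


def recover_naive(user):
    """The behaviour the task complains about: the admin flag is the only gate."""
    if not user.is_admin:
        raise PermissionError(f"{user.username} is not an administrator")
    return issue_one_time_login_token(user)


def recover_checked(user):
    """Hardened variant: fail explicitly when the target could never use the link."""
    if not user.is_admin:
        raise PermissionError(f"{user.username} is not an administrator")
    reason = session_block_reason(user)
    if reason is not None:
        raise PermissionError(
            f"cannot recover {user.username}: {reason}; a recovery link would "
            "only fail later with a generic session error")
    return issue_one_time_login_token(user)


def establish_session(token):
    """Model of the web side: what the operator sees when the link is opened.

    A user who cannot hold a session gets the same generic message as a bad
    token, which is exactly the misleading error the task describes.
    """
    user = ONE_TIME_LINKS.pop(token, None)
    if user is None or session_block_reason(user) is not None:
        return "session invalid"
    return f"logged in as {user.username}"


def try_recover(recover, user):
    """Run a recovery function and return (token, error_message)."""
    try:
        return recover(user), None
    except PermissionError as exc:
        return None, str(exc)


if __name__ == "__main__":
    # Constructed sample: a mailing list that has been made an administrator.
    mailing_list = User("announce-list", is_admin=True, is_mailing_list=True)
    token, _ = try_recover(recover_naive, mailing_list)
    print("naive:  ", establish_session(token))        # session invalid
    _, err = try_recover(recover_checked, mailing_list)
    print("checked:", err)                              # names the root cause
```

The checked variant keeps the administrator gate the task describes and adds the session-capability check in front of token issuance, so the operator learns why recovery is impossible at the command line instead of at the login page.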