Hi Adam,
just wondering how protected pseudo-protected is. If you set the "Customer accounts" setting to "Accounts are required", it shouldn't be possible to checkout without account.
And if your liquid theme looks like this:
<!-- layout/theme.liquid -->
{% if customer %}<html><head></head><body>
insert normal shop layout</body></html>
{% endif %}What security risks are still present with this setup?
Cheers,
Harm-Jan