I came across an interesting bug today that I wanted to share here. Using the default SC login module as created by SC… the account code for reset is generated with the following character set:
$chars = 'abcdefghijklmnopqrstuvxywz';
$chars .= 'ABCDEFGHIJKLMNOPQRSTUVXYWZ';
$chars .= '0123456789!@$*.,;:';
Using the ; character creates an issue in the receiving password application as its not escaped correctly in the mysql query.
Something to fix for the next code release 
Thanks
Rob