Security issue - The jabberID I choose is the one Prosody identifies me with
I can pretend to be whoever I want to Prosody as long as I use that person's jabberID. This grants me access to her conversation history, and I can go as far as pretending to be her on the chat.
Ensuring unicity of jabberIDs might be one thing necessary. Fetching the webID of a domain name corresponding only to the jabberID's domain name might also be one solution.
To be investigated.