DrByte raises a good point. In 1.3.8 this bypass is handled in a completely different way in a completely different place (i.e. modules/pages/create_account_success/header_php.php. So if you were to upgrade to 1.3.8, I would recommend making sure that the extra bit of code about which you asked is removed completely.