Thanks Niko, great tutorial, I would have done it almost exactly the same as you, although i also would have left out the repeat, not that i think it matters at all to be honest.
I agree, this is like any programming where even if you manually coded it you might do it different to the next person, both ways work, there will always be someone with a better way, or a different way, as long as it serves your purposes and works, then great.
I have also done systems like this before although they are normally only for internal administration where the users are a little more trusted, where I have used this for a more open market, the only thing i did a little different is push the data through Akismet, once Akismet returned all ok then i marked the user as trusted, I then sent an authentication email and gave the user 1 week to authenticate their email address, once authenticated I marked the account as confirmed.
I have to admit i still had many junk accounts created and to this day I still get at least one a week that try their luck. I do not think there is any real way around this though, just do what we can and know people will still do strange things regardless.