I am afraid I am making the very hard line call here that must_approve_users
== VERY HARD LINE definition of explicit approval must be given.
The trouble with implicit approval (which I originally approved) is that it is full of edge cases. Edge cases breed security problems and flaws in the system. Additionally, explaining edge cases regarding implicit approval is way too complicated and not a headache we need.
If you go for must_approve_users
we will take the absolute strictest definition and require you explicitly click approve on every single account regardless of invite vs not invite.