Misconfigured rate limit at app.sign.plus/forgot_password
Low
Alohi
Team Summary
Official summary from Alohi
shamim_12__ found a weakness in our rate-limiting mechanism that allowed an attacker to bypass rate limits and spam the endpoint for requesting a password reset email. There was no effect on other API endpoints and no direct security implication, except email spamming attacks. The issue was fixed immediately.
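The report does not say how the limit was bypassed, and the code below is an added illustration, not Alohi's implementation. It shows the shape of a password-reset limiter that closes the usual gaps behind this class of finding: it counts requests in two independent buckets (per normalized target address and per client IP), it only honours X-Forwarded-For when the request came from an assumed trusted proxy range (10.0.0.0/8 here, a made-up value), and it returns the same 200 whether or not a mail was actually sent so the limiter itself does not become an account-enumeration oracle. The limits (3 per address and 10 per IP per hour) are assumptions chosen for the example.

```python
import time
from collections import deque
from ipaddress import ip_address, ip_network


class SlidingWindowLimiter:
    """Allow at most `limit` events per `key` in any `window` seconds."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock          # injectable so tests can control time
        self.events = {}            # key -> deque of event timestamps

    def allow(self, key):
        now = self.clock()
        q = self.events.setdefault(key, deque())
        while q and now - q[0] >= self.window:   # drop expired entries
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Assumed: the app sits behind a reverse proxy in this range. Anything
# else that sets X-Forwarded-For is the client itself and must be ignored,
# otherwise every request can claim a fresh IP and get a fresh bucket.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]


def _is_trusted(addr):
    return any(ip_address(addr) in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Resolve the real client address without trusting forgeable headers."""
    if not _is_trusted(remote_addr):
        return remote_addr
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):          # nearest hop first, skip our own proxies
        try:
            if not _is_trusted(hop):
                return hop
        except ValueError:              # malformed address: refuse to trust the header
            break
    return remote_addr


def normalize_email(email):
    """Case and whitespace variants of one address share one bucket."""
    return email.strip().lower()


class ForgotPasswordEndpoint:
    """Two independent buckets: per target address and per client IP."""

    def __init__(self, clock=time.monotonic):
        self.per_email = SlidingWindowLimiter(limit=3, window=3600, clock=clock)
        self.per_ip = SlidingWindowLimiter(limit=10, window=3600, clock=clock)
        self.outbox = []                # stands in for the mail sender

    def handle(self, remote_addr, headers, email):
        """Return (http_status, email_was_sent)."""
        ip = client_ip(remote_addr, headers)
        if not self.per_ip.allow(ip):
            return 429, False           # one source hammering many addresses
        target = normalize_email(email)
        if not self.per_email.allow(target):
            # Same 200 as the success path so the response does not reveal
            # whether an account exists or how often it was targeted.
            return 200, False
        self.outbox.append(target)
        return 200, True
```

The per-IP bucket stops one source from spraying many addresses; the per-address bucket stops many sources (or one source with forged headers) from flooding one victim's inbox, which is the spamming effect the summary describes. Keying on the normalized address matters because `Victim@Example.com` and `victim@example.com` deliver to the same mailbox and must share a bucket.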
Reported by
shamim_12__
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Business Logic Errors