Does anyone know if the AccountManagement API is vulnerable to LDAP injection attacks? Does it sanitize input? Would the sanitation process remove special characters used in passwords?