Validation doesn't always work

[petestreet]

I've made a custom signin/signup form according to the Guide, and stumbled across a common use case when the field-level validation checks don't actually run. On the "Join" page, if you try submitting the form with a valid username set (before filling in the other inputs), and then change the username input to something invalid, it will let you create that user. The re, minLength, and required checks are all not honored.

See a video of it happening here. You can try it for yourself on this demo app, and can view the code running on that app here.

Since a user can basically bypass any validation checks, this seems like a pretty serious issue.