Grey Hat Programming on Big Commerce
One of my clients has a website consisting of two platforms: WordPress and Big Commerce. I was mandated to, among other things, create a symbiosis between the two platforms so that users didn't have to register twice. The only problem with that is that, being a commercial platform, Big Commerce doesn't want you messing around in their proprietary database: their API is essentially read-only, you can query data but you never write anywhere. Understandable... but my client still wants the two user bases kept in sync, and to be honest I don't think he's exaggerating.
So... how do we remotely create users on a platform that doesn't let you create users with their API? After a bit of looking around for a solution, I stumbled upon my client's store registration form (which is hosted, like everything related to Big Commerce, on a server you don't control). Different domains, different servers, no API methods... but I have a form. Have you ever heard of XSS? In the world of developers, it's a real annoyance. Essentially, if you fail to secure your forms properly, anyone can grab your form, put it somewhere else on the internet and submit bogus data (because the form still sends to you, get it?). Strictly speaking, what is described here is cross-site request forgery (CSRF) rather than XSS: the form's action still points at your server, so a copy hosted anywhere else submits to you just the same. Anyway, it's usually only a security concern, but for this particular project, it became a feature.
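The "feature" above exists only because the registration form accepts any POST that carries the right field names, regardless of where the page containing the form was served from. The example below, which is added here and is not code from the post or from Big Commerce, shows the unprotected handler next to a protected one that applies the two standard defences: a per-session synchronizer token (an HMAC over the session id, so a copied form cannot carry a valid one) and an Origin/Referer check against the store's own host. The host names, session ids and the server secret are constructed placeholders, and the handler functions are hypothetical; the point is that once a platform adds either check, an integration that relies on posting a copied form from another domain stops working.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed example secret; a real deployment loads this from configuration.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"

# Constructed placeholder for the store's own host name.
ALLOWED_HOSTS = {"store.example-shop.test"}


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token pattern: derive a token bound to the visitor's session.

    A copy of the form hosted on another site cannot produce this value
    without also holding the victim's session id and the server secret.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict, allowed_hosts: set) -> bool:
    """Accept the request only if its Origin (or, failing that, Referer)
    names one of the hosts that legitimately serve this form."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        # Strict policy: browsers send Origin on cross-site POSTs, so a
        # missing header on a form submission is treated as untrusted.
        return False
    return urlparse(source).hostname in allowed_hosts


def handle_registration_unprotected(form: dict) -> dict:
    """The 'before' case: any POST with the expected fields creates a user."""
    return {"created": True, "email": form["email"]}


def handle_registration_protected(session_id: str, form: dict,
                                  headers: dict, allowed_hosts: set) -> dict:
    """The hardened handler: origin check first, then token check."""
    if not origin_allowed(headers, allowed_hosts):
        return {"created": False, "reason": "bad origin"}
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    # Constant-time comparison avoids leaking the token byte by byte.
    if not hmac.compare_digest(expected, supplied):
        return {"created": False, "reason": "missing or invalid csrf token"}
    return {"created": True, "email": form["email"]}


def demo() -> tuple:
    """Run one legitimate submission and one from a copied form (constructed)."""
    session = "sess-0001"
    # Submission from the store's own page: correct origin and a valid token.
    legitimate = handle_registration_protected(
        session,
        {"email": "user@example.test", "csrf_token": issue_csrf_token(session)},
        {"Origin": "https://store.example-shop.test"},
        ALLOWED_HOSTS,
    )
    # Same field names posted from a copy of the form on another domain:
    # the origin does not match and no valid token is present.
    copied_form = handle_registration_protected(
        session,
        {"email": "user@example.test"},
        {"Origin": "https://blog.example-other.test"},
        ALLOWED_HOSTS,
    )
    return legitimate, copied_form


if __name__ == "__main__":
    print(demo())
```

Both checks are kept because they fail independently: the origin check alone trusts the browser to send the header, and the token alone is useless if the form page that embeds it can be loaded cross-site without a session. Note that `handle_registration_unprotected` accepts the copied-form submission without complaint, which is exactly the behaviour the post relies on.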
