When allowing nicknames, it is currently possible to spoof them using Unicode.
I think security would be improved with an anti-spoof feature. I believe a main idea is to check all the nickname chars belong to the same Unicode subset, or to an allowed combination of subsets (eg. Japanese will combine different subsets).
Maybe similar to Wikipedia's (I couldn't find a usable PHP package but the class is quite readable) : wikimedia/mediawiki-extensions-AntiSpoofblob/master/includes/AntiSpoof.php
