When creating a group membership request, there is no character limit on the 'reason' field. This can be potentially be used by an attacker to create enormous amount of data in the database.
