It is sad for me to see this happen, but with PHP-Fusion still being fairly new it's subject to being targetted by hackers. Two sites have already suffered huge hits with thousands of registrations by means of user names made up of random letters. This is a set-back but not the end of the world, high profile php scripts will always be targeted by people whom I regard as internet terrorists. That's life unfortunately.
To prevent a recurrence of this incident I've added a code validation routine to register.php, it requires the registrant to key in a code, it should prevent any kind of automated registrations. All PHP-Fusion webmasters are urged to download the file Here