I've listened to the last couple of Debug podcasts, and the latest involves Vesper (an iOS note-taking app, if you haven't heard of it).
There's a lot in there about sync, which is what they've been working on for the last couple of months. One thing that didn't get mentioned, is why they decided to announce that they were working on sync. Gruber mentioned a couple things (on The Talk Show, I think) about why, but a couple of podcasts (reinforced by this one) have led me to think that the real reason is that Bret wanted to blog about the process, and he couldn't do that if it hadn't been announced.
But the thing driving me to write this is that they came across one of my major irritations with a lot of online sites.
The whole point of asking for the password twice is as a sanity check (so you don't make the same typo twice, basically), because the user can't see the data being entered. If the user can see the data, then asking for it twice is just asking for the user to make a mistake. So if your site is asking for the email address twice (and I can't count how many times I've seen this done), don't do that! You're not providing additional security, and you're probably annoying the user.