diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py
index c6b5d5b..61f82dc 100644
--- a/rest_auth/registration/serializers.py
+++ b/rest_auth/registration/serializers.py
@@ -1,6 +1,7 @@
 from django.http import HttpRequest
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth import get_user_model
 
 try:
     from allauth.account import app_settings as allauth_settings
@@ -111,6 +112,20 @@ class SocialLoginSerializer(serializers.Serializer):
             raise serializers.ValidationError(_('Incorrect value'))
 
         if not login.is_existing:
+            # We have an account already signed up in a different flow
+            # with the same email address: raise an exception.
+            # This needs to be handled in the frontend. We can not just
+            # link up the accounts due to security constraints
+            if(allauth_settings.UNIQUE_EMAIL):
+                # Do we have an account already with this email address?
+                existing_account = get_user_model().objects.filter(
+                    email=login.user.email,
+                ).count()
+                if(existing_account != 0):
+                    # There is an account already
+                    raise serializers.ValidationError(
+                        _("A user is already registered with this e-mail address."))
+
             login.lookup()
             login.save(request, connect=True)
         attrs['user'] = login.account.user
diff --git a/rest_auth/registration/views.py b/rest_auth/registration/views.py
index d6638b6..c367580 100644
--- a/rest_auth/registration/views.py
+++ b/rest_auth/registration/views.py
@@ -25,7 +25,7 @@ from rest_auth.views import LoginView
 from .app_settings import RegisterSerializer, register_permission_classes
 
 sensitive_post_parameters_m = method_decorator(
-    sensitive_post_parameters('password1', 'password2')
+    sensitive_post_parameters('password', 'old_password', 'new_password1', 'new_password2', 'password1', 'password2')
 )
 
 
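Review bot: The duplicate-account guard added under `if not login.is_existing:` compares addresses with an exact, case-sensitive `email=` filter, while allauth enforces UNIQUE_EMAIL case-insensitively, so a provider returning `Alice@example.com` for an existing `alice@example.com` slips past the check and `login.save(request, connect=True)` on the following lines is likely to create a second account for that address — the very outcome the comment says must be refused. Filtering with `email__iexact=login.user.email` (or allauth's `filter_users_by_email`, which also consults the EmailAddress table) closes that gap. The guard should also be skipped when the provider returned no address, since `filter(email='')` matches every account without an e-mail and would reject the login for the wrong reason: `if allauth_settings.UNIQUE_EMAIL and login.user.email:`. A check-then-create sequence like this remains racy without a database-level uniqueness constraint on the e-mail column, which Django's default user model does not have, so the comment should say so; `.exists()` also reads better than `.count() != 0`, and the `if(...)` parentheses are not idiomatic. The enclosing validate() begins and ends outside the hunk.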
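Review bot: The widened `sensitive_post_parameters(...)` call in views.py is a single line well past 79 columns, which the flake8 pinned in tests/requirements.pip will report as E501 unless the project raises max-line-length; listing the names one per line, or keeping them in a module-level tuple, keeps the decorator readable as more password fields are added. A one-line comment above the assignment would also help the next reader, e.g. `# POST field names Django redacts from debug/error reports for views wrapped with this decorator`. The assignment is the whole hunk; where the decorator is applied lies outside it.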
@@ -53,14 +53,21 @@ class RegisterView(CreateAPIView):
         return TokenSerializer(user.auth_token).data
 
     def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        user = self.perform_create(serializer)
-        headers = self.get_success_headers(serializer.data)
+        # Check if registration is open
+        if get_adapter(self.request).is_open_for_signup(self.request):
+            serializer = self.get_serializer(data=request.data)
+            serializer.is_valid(raise_exception=True)
+            user = self.perform_create(serializer)
+            headers = self.get_success_headers(serializer.data)
 
-        return Response(self.get_response_data(user),
-                        status=status.HTTP_201_CREATED,
-                        headers=headers)
+            return Response(self.get_response_data(user),
+                            status=status.HTTP_201_CREATED,
+                            headers=headers)
+        else:
+            return Response(
+                data={'message': 'Registration is not open.'},
+                status=status.HTTP_403_FORBIDDEN,
+            )
 
     def perform_create(self, serializer):
         user = serializer.save(self.request)
@@ -110,8 +117,8 @@ class SocialLoginView(LoginView):
     class FacebookLogin(SocialLoginView):
         adapter_class = FacebookOAuth2Adapter
-        client_class = OAuth2Client
-        callback_url = 'localhost:8000'
+        client_class = OAuth2Client
+        callback_url = 'localhost:8000'
     -------------
     """
diff --git a/rest_auth/tests/requirements.pip b/rest_auth/tests/requirements.pip
index 5a30385..b86361a 100644
--- a/rest_auth/tests/requirements.pip
+++ b/rest_auth/tests/requirements.pip
@@ -2,3 +2,4 @@ django-allauth>=0.25.0
 responses>=0.3.0
 flake8==2.4.0
 djangorestframework-jwt>=1.7.2
+djangorestframework>=3.6.2
\ No newline at end of file
diff --git a/rest_auth/tests/test_social.py b/rest_auth/tests/test_social.py
index dff6438..9b2ae55 100644
--- a/rest_auth/tests/test_social.py
+++ b/rest_auth/tests/test_social.py
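Review bot: The new `is_open_for_signup` branch in `create()` nests the whole happy path under an `if`/`else` whose first arm ends in `return`; inverting it into a guard clause keeps the existing four statements at their original indentation and turns the change into a pure insertion. The refusal is also reported as `{'message': ...}` with an untranslated string, whereas the view's other failures come from `raise_exception=True` in DRF's `{'detail': ...}` / field-error shape and the comparable message in serializers.py goes through `_()`; raising `rest_framework.exceptions.PermissionDenied(_('Registration is not open.'))` would yield the same 403 in the shape API clients already parse and leave translation to Django. `get_adapter` must already be imported in views.py — no import is added in this diff — and the check reads `self.request` while the rest of the method uses the `request` argument, so pick one. `create()` is fully inside the hunk; the surrounding class continues outside it.

```python
    def create(self, request, *args, **kwargs):
        # Refuse early when the allauth adapter reports sign-up closed, so the
        # existing happy path below stays un-nested.
        if not get_adapter(request).is_open_for_signup(request):
            return Response(
                data={'message': 'Registration is not open.'},
                status=status.HTTP_403_FORBIDDEN,
            )
        # … unchanged: serializer validation, perform_create, 201 response …
```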
@@ -275,8 +275,12 @@ class TestSocialAuth(TestsMixin, TestCase):
             'access_token': 'abc123'
         }
 
-        self.post(self.fb_login_url, data=payload, status_code=200)
-        self.assertIn('key', self.response.json.keys())
+        # You should not have access to an account created through register
+        # by loging in through FB with an account that has the same
+        # email address.
+        self.post(self.fb_login_url, data=payload, status_code=400)
+        # self.post(self.fb_login_url, data=payload, status_code=200)
+        # self.assertIn('key', self.response.json.keys())
 
     @responses.activate
     @override_settings(
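Review bot: The two commented-out assertions left after the new `self.post(self.fb_login_url, data=payload, status_code=400)` are dead code and should be deleted; the previous expectation lives in git history. As written the test checks only the status code, so it would still pass if the 400 came from an unrelated validation error — asserting on the response body (the "already registered" message) and that no second user exists for the address, e.g. `self.assertEqual(get_user_model().objects.filter(email__iexact=<e-mail registered earlier in the test>).count(), 1)` if `get_user_model` is available in this module, would pin the behaviour the serializer change is meant to guarantee, and a second payload with the e-mail in a different letter-case would cover allauth's case-insensitive uniqueness. The comment typo "loging" should read "logging". The enclosing test method starts outside the hunk.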