I thought I reported this a while back, but can't find the question now. Anyway this is still happening.
If a user is blocked and/or their IP address blocked, they can still edit their profile.
This means spam users can come back and continue to spam, or "disgruntled" blocked users can post abuse there. Perhaps there are legitimate reasons for allowing this, but putting stuff in your profile is essentially the same as posting on the site proper, so IMO it doesn't make sense to allow this (at least by default).
A secondary issue is that it's not feasible to prevent this via filters. In the filter_profile function, you can check if the current user is blocked, but there is no way to return a global error, only one error per field. I had this code:
if ( !($userflags & QA_USER_FLAGS_EMAIL_CONFIRMED) )
$errors = 'Must confirm email to edit profile.';
But it only blocks editing of that specific field - editing a different field works. It's not really feasible to return errors for every single field every time.
Can we get this fixed soon?