You should probably not base your "business" around the quality/security of privmsg on IRC. Frankly, attempting to use hypothetical harm to your "business" in order to escalate this report lowers your credibility on the matter. If this really was a business concern for you, you'd realize how trivial this issue really is and solve the problem on your own rather than claim that it can cause "serious" harm. For instance, you can easily script the ON QUIT command to notify you that the user you're querying has left IRC, and queue up a WHOIS should that user message you again:
on *:QUIT: {
if ($query($nick)) {
hadd -m queries $+(query,$cid,$nick) $true
echo $color(info) -e $nick * User has quit IRC.
}
}
on *:TEXT:*:?: {
var %c = $+(query,$cid,$nick)
if ($hget(queries,%c)) { hdel queries %c | whois $nick }
}
Your suggest to change the "query method" (whatever that even means) from "nick to ident" would not even be helpful-- an ident can be impersonated just as easily (even easier in fact, since idents need not be unique on the network) as a nickname..
As mentioned, query is really not meant as a guarantee of user integrity, so there's little mIRC should do. mIRC already shows the user's hostname in the title of the window, so you should be looking there. If you need extra you should use a network with services (nickserv) where they cannot privmsg unless they've authenticated, or use DCC CHAT which directly connects you with the user. Using queries and then complaining that someone else might steal a nickname and impersonate them is like sending a plaintext password unencrypted over the wire and then complaining that someone can sniff it.