You're welcome to check out and comment on the exchange service I'm building at www.bitcoinexchange.com (auth: bitcoin/bit). You can test making an order, but it won't be completed and everything might not work yet.
I'm thinking about how I should solve a problem with the trade model I initially chose. That is, bitcoins or euros are reserved to the customer when he makes an order, without a guarantee that he'll really pay for it. That makes the service vulnerable to be DoS'd by some jackass who makes a buy order for all my bitcoins/euros and never pays. It also wrongly changes my pricing that automatically reacts to the amount of available bitcoins/euros I have. I have two solutions for this:
1) Keep the current model, but require more personal identification from the customer (i.e. make buying more difficult), so he's less likely to just be fooling around. Require registration and e-mail confirmation. Set an expiry time and a maximum amount for transactions. The expiry time doesn't help very much in the case of payment by bank transfer, because it must be at least a few days instead of 15 minutes or so.
2) Change to a stock-buying-like solution, where the customer can choose to get his coins immediately at the spot price when his payment is received, or he can set a maximum/minimum coin price at which he is willing to buy or sell. This removes the problem with reservation of coins, but is a bit more difficult for the customer. Some expiry time is also needed for paid minimum/maximum price orders that are not completed because the desired price is not reached in time. After the expiry time the order should be completed at the spot price or alternatively the payment should be returned (this causes some extra hassle).
So, which option do you think sucks less? Any other solutions?