invalid confirmation code for subscribers already in the system

alimc29 - September 13, 2007 - 15:39
Project: CiviCRM Subscribe
Version: 5.x-1.x-dev
Component: User interface
Category: feature request
Priority: normal
Assigned: Unassigned
Status: active
Description

If I subscribe an email address that is already a civicrm contact, the system correctly joins that contact to the group.

However, that email address also receives a confirmation email for the user to click on the link to confirm the subscription (even though, since they already exist in the system with no privacy restrictions, the DO_NOT_EMAIL flag is not associated with that civicrm contact).

When the pre-existing civicrm contact follows the link from the email, the following error message appears:
invalid confirmation code, please subscribe again.
(even though the contact has already been joined to the specific group)

Does anyone else have this issue? Or any suggestions?

#1

douggreen - September 15, 2007 - 11:18
Category: bug report » feature request

Because any message that displays one thing when you're already a user and another when you're not a user could be used by someone to snoop who is subscribed to a site, I intentionally display the same message whether the user exists or not. I'm concerned that it could be confusing to then not send the email, especially to users who actually didn't remember that they had signed up. Does it seem appropriate to still send an email, but to say something slightly different in that email?

I have a client that recognizes the security risks and still wants a friendlier user interface. So I will be adding an option soon for friendly versus secure handling.

#2

alimc29 - September 17, 2007 - 17:31

Sending an email informing the user of their new subscription would be nice, just without the confirmation link, if they are already in the system (the main goal would be to avoid errors, as the user would likely think that they weren't successfully subscribed upon reading the error).

We also could do no email for those users, if it's a matter of one standard email that would go out. Again, I think the main goal would be to avoid the user encountering "what appears to be" errors.
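The approach discussed in comments #1 and #2, as an added example that is not part of the thread or the module's code: the signup page shows the same text for every address, the difference between an existing contact and a new one appears only in the email, and a valid confirmation click never produces an error. The function names, message wording, and in-memory `contacts`/`members`/`outbox` structures are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; a real site loads its own key
PAGE = "Thanks. Check your email for details about your subscription."
CONFIRMED = "Your subscription is confirmed."
INVALID = "invalid confirmation code, please subscribe again."

def make_code(email, group):
    """Confirmation code bound to one address and one group."""
    msg = f"{email}|{group}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def subscribe(email, group, contacts, members, outbox):
    """Handle the signup form: same page text for every address."""
    email = email.strip().lower()
    if email in contacts:
        # Existing contact: join now, send a notice with no link to click.
        members.setdefault(group, set()).add(email)
        body = f"You have been subscribed to {group}. No further action is needed."
    else:
        # Unknown address: nothing is stored until the link is followed.
        body = f"Confirm your subscription to {group}: code={make_code(email, group)}"
    outbox.append((email, body))
    return PAGE  # identical either way, so the form reveals nothing

def confirm(email, group, code, contacts, members):
    """Handle the emailed link; a repeated valid click is not an error."""
    email = email.strip().lower()
    expected = make_code(email, group)
    if not hmac.compare_digest(code.encode(), expected.encode()):
        return INVALID
    contacts.add(email)
    members.setdefault(group, set()).add(email)
    return CONFIRMED
```

Only the owner of the mailbox sees which of the two emails was sent, so the friendlier wording does not tell a third party whether an address is already in the system.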

#3

alimc29 - September 26, 2007 - 22:49

Is there any projected date or time-table for this issue (invalid confirmation code for pre-existing users) to be resolved in the features of civicrm_subscribe?

#4

douggreen - September 27, 2007 - 10:42

I wouldn't expect anything from me for at least the next month. If someone else comes up with the solution before then, or if I need a diversion from my current project, it's possible that it will be sooner. It's a pretty simple fix, but it's pretty low priority to me, I'm two weeks behind having gone to Barcelona for that amount of time, and my contrib work is really focused on getting faster searching into 6.x (#146466), and fixing a critical issue (#154572) in another module.

 
 
