Users can enter invalid URLs during account creation
When a user profile includes fields that requires a URL such as the users website, the field is sanitized if the user edits the profile - more precisely, the change cannot be saved if the user enters a URL without a protocol such as "http://".
If, however, the user enters the URL at account creation, the field is not sanitized and the user can create the account with a URL without the protocol prefix. This does cause problems when creating links using the field's value.
Proposed resolution
Apply the same check to the account creation page as used when editing the user profile.