There is no guarantee that the x-forwarded-for request header data will be present just like there is no guarantee that client-ip data will actually represent the originating client as opposed to the proxy making the request on the client's behalf. As
I've said, we do track IPs and IP data is not guaranteed to ensure that we know who you are. This is a hard problem that pretty much no web-based (client web browser-web server technology) has nailed.
Yes, the poll is super easy to eploit. The question is, why exploit it? This is a social problem as much as it is a technological problem. "Gee. Other forums do this. And other forums do that...".
This is Channel 9. We like to think that a community can be responsible for and by itself. If you must exploit simple web features to make yourself happy, well, go do it somewhere else.