diff --git a/packages/accounts-base/accounts_server.js b/packages/accounts-base/accounts_server.js
index e25af05544..95fa5b113a 100644
--- a/packages/accounts-base/accounts_server.js
+++ b/packages/accounts-base/accounts_server.js
@@ -260,10 +260,14 @@
   // to this collection are also allowed in insecure mode.
   Meteor.methods({
     "configureLoginService": function(options) {
-      if (!Accounts.configuration.findOne({service: options.service}))
-        Accounts.configuration.insert(options);
-      else
+      // Don't let random users configure a service we haven't added yet (so
+      // that when we do later add it, it's set up with their configuration
+      // instead of ours).
+      if (!Accounts[options.service])
+        throw new Meteor.Error(403, "Service unknown");
+      if (Accounts.configuration.findOne({service: options.service}))
         throw new Meteor.Error(403, "Service " + options.service + " already configured");
+      Accounts.configuration.insert(options);
     }
   });
 
diff --git a/packages/accounts-ui-unstyled/login_buttons_dialogs.js b/packages/accounts-ui-unstyled/login_buttons_dialogs.js
index d113e085d7..47fa8e8641 100644
--- a/packages/accounts-ui-unstyled/login_buttons_dialogs.js
+++ b/packages/accounts-ui-unstyled/login_buttons_dialogs.js
@@ -170,7 +170,7 @@
         // Configure this login service
         Meteor.call("configureLoginService", configuration, function (error, result) {
           if (error)
-            Meteor._debug("Error configurating login service " + serviceName, error);
+            Meteor._debug("Error configuring login service " + serviceName, error);
           else
             loginButtonsSession.set('configureLoginServiceDialogVisible', false);
         });