CF is a community of BA CC and 'invited' others. The criteria for invited is not defined.
To join CF you must register and state your BA Staff Id. Supposedly someone then checks that Id and verifies the application. Given that CF has no legal relationship to BA or vice versa the person or persons checking new applicants is doing this privately.
I'm therefore sure that either under the Data Protection Act or the Computer Misuse Act the owners of CF are committing an offence against BA's policies. Hmmm.