fyi - when browsing to a protected resource (the left side nav contact link for example) as an unauthenticated user via the desktop site, a login form is presented which does not include the tos acceptance checkbox. login can be completed with just the user/pass. not sure if this would be classified as a bug or not.
also not sure where bug reports should be submitted.