The current order of execution in cron.php seems incorrect:
1/ mod/* should be executed after auth and enrol
2/ we should build missing context paths in every execution - this is very cheap and all the other stuff may break if there are missing context paths
3/ all the slow stuff doing external requests should be at the end - such as blog, backups, file storage, etc.
4/ mtrace('checking for create_password'); should be done in each cron run - it is fast and necessary to be done asap
5/ unconfirmed user deleting is very wrong - we need to first delete_user() and only then drop the record
6/ there is no place for module specific mess in main cron! /mod/quiz/report/
7/ remove unnecessary flush() - it is already part of mtrace()
8/ move notify_login_failures() to cronlib and execute in each run for security reasons