[eluser]davidbehler[/eluser]
I finally had time to look into the library again and you are right, there is no real validation done except checking for FALSE/empty value. But as I'm passing the second parameter as TRUE to the $this->input->post() method, the data is run through the XSS filter.
I guess it's totally save to drop the check for empty value and only check for FALSE. But I doubt that you will really feel a difference compared to checking for FALSE and empty value instead of only FALSE.
As far as error message instead of FALSE as return values are concerned I didn't implement those as that would require internationlization and would make the library further complicated. If you really want me to, I will add the feature in form of an additional language file 'auth_lang.php' or something similar.