My goal is 200km, but as 100km is a milestone for some, when I crossed that threshold my challenge page added a link from which I could download a Certificate acknowledging the accomplishment.
The URL for the 100k certificate looks like
On a whim, I replaced '100' with '200' in the above and tried the resulting address. The URL worked and rewarded me with a nice 200k certificate.
Given that nothing prevents someone from completely fabricating their rowing distances, this is not an egregious security hole.