Most web developers are aware that if their site is not secured by an SSL certificate (HTTPS-encrypted) for form data (such as entering a user name, password, email address) that an attacker has the potential to see the entered data rendered in plain text. The use of HTTP (unencrypted) forms sets up …
[Read more...] about Are your login forms wearing HTTP dirty diapers? (Updated)