I realized that passwords are sent unencrypted through the network. This is a huge security issue. Firstly, I imagine a lot of people use the same passwords for many websites, so be drastic for many of them them. Secondly, the private projects and so may not be very private.
Is it possible to send the passwords over SSL, rather than plain HTTP ? (have the form managing page in https:// rather than ‘/ee_ajax/set_login’ )