in reply to Re^3: Status of Recent User Information Leak
in thread Status of Recent User Information Leak
I've said before that I agree it was a bush-league mistake and it would be nice to see the site practice what we all preach but I'm getting sick of critiques like yours because they're all fundamentally flawed. As every sign-in on this site is under http and not https your password is sent as clear text regardless of how it happens to be stored on the site. It's inherently insecure.
(update: noticed parv, and others, brought this up already.)