I'm not entirely sure how to take that top part. If you were attempting to describe me... I think I'm insulted, otherwise just confused. As to your concern about broadcasting passwords in the clear... well that's what I'm attempting to avoid. Yes the server and the user both have an unencrypted form, but I don't believe it would be so simple to break into the database and steal it.
So, overall I'm not entirely sure what your point was, so I guess I'll just file it under an endorsement of SSL.
My code doesn't have bugs, it just develops random features.