Sorry to revive a dead post. I forgot about this.
My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:
vb_login_username=username&vb_login_password=&vb_l ogin_password_text=Password&s=&securitytoken=guest &do=login&vb_login_md5password=3c41ff681c1e3dcb68b 4d8573bf1c74c&vb_login_md5password_utf=3c41ff681c1 e3dcb68b4d8573bf1c74c
You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to
http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.
---------
I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.