FlyerTalk Forums - View Single Post - FlyerTalk Website security
Old May 21, 2013 | 10:49 pm
  #11  
jackal
Originally Posted by IBxAnders
If you are on a network that has been compromised and packets are actively being sniffed - then yes, a hacker can absolutely intercept and decode a password, not only for Flyertalk - but almost every forum and other web app.

We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think it presents a danger.

Most every other site that asks me to submit a password has at least an encrypted login screen (if the entire site isn't encrypted), whether it's banking, email, or even Facebook. I'm hard-pressed to think of another site I use with any regularity that presents a possible threat of sniffing my password in [almost] clear-text.

It is extremely dangerous for you to tell people "don't worry, that coffee shop network you're using is probably secure." You should never assume that. Always treat browsing the Internet in a public place as if someone is looking over your shoulder at all times. I think you need to have a serious talk with your product people and rethink your entire company's approach to security. The lackadaisical attitude I'm seeing towards it is not very comforting to me.