OK, let me try to explain. Suppose site A (owned by someone else other than FT, as in this case) redirects all traffic to the real FT. If you go to site A and try to log in to FT, FT will now not let you log in, Joshua fixed that.

BUT -- if site A looks like FT and it misleads you into trying to log in, you won't realize something is wrong until you try to log in once or more and it doesn't work. If site A is capturing keystrokes before routing to FT, the owner of site A will know your FT handle and password by reading the site A capture log.

This practice is a variant of the internet con known as "phishing."

I think that is what the earlier posters were, validly it now seems, concerned about.

I apologize if you knew that all along and were referring to something else in your post just above.