HN passwords are sent over plain-text HTTP posts during logons and resets. Also, simple passwords such as '1234' are acceptable. As hackers and implementers who should have an interest in security isn't this a bad example to set... especially with all the recent password compromises and the endemic re-use of passwords?Some wireshark pics here: http://imgur.com/a/69dcm