Ive often been skeptical of sending posted data through any system. I don't know the logistics of it but I know people can scan for ports and get data that has been posted, or displayed on a website. Hence the introduction of SSL encrypted data.
Since reading an article on php mag I decided to start encrypting passwords send from a login form on my websites.
I found a cool md5 javascript that will enctypt my data before I send it off for posting.
http://pajhome.org.uk/crypt/md5/md5src.html
I run this script onlick of the login button, both the username and password get posted to an sql query eg
select * from users where username = '".$_POST['username']."'
then I check to see if the password is correct by
if(md5($row['password']) === $_POST['password'])
if it checks out then the user is in.
Hope this helps.
