DISQUS

Well spotted. This is crazy.

For something crazier, see Wordpress.com, a very popular blog site, with plain text login data sent to an http endpoint from their https page !

Madness.

Worse now imo, folks are using their wordpress.com blog address as an OpenID.

Kinda mental to think that if you make the mistake of posting about, say your ski holiday in St. Anton from a Café while your there, somebody could sniff your password, and have access to all the on-line services you use OpenId with.

I have emailed Wordpress, and posted on my test blog there, they have not responded, and today it's still not fixed !