I Thought Such Security Flaws Exist Only in Tales...
via: How not to write secure Web apps - and get to see Steve Jobs for Free!
All the crypto and password logic was in client side javascript? hmmmmm....
Here is how you DO write secure web apps
Cheers