Am I missing something when I see sites like Digg not using HTTPS for login and passing plain text passwords? I thought you always needed HTTPS for login form submission.
The reason I'm asking is to figure out if we should be doing this for our startup. Any insight would be appreciated.
Here is a picture I took with FireBug showing Digg's login window: http://farm3.static.flickr.com/2488/3674881101_b946ecf39f_o.png
Thanks in advance!