Find Bug in your website

Mark Doliner mark at
Sun Sep 29 13:47:29 EDT 2013

Hi Maulik. Thanks for reporting this to us. You're right, we should be
forcing https here but we're not. We'll try to fix this soon. In the
mean time, this problem isn't too terrible because there isn't a huge
amount of harm that can be done with a user's mailing list password.
Probably the worst aspect of this is that many users will use the same
password here as for other things, like their bank or email account.

More information about the security mailing list