Instagram sends passwords in plain text
http://getsatisfaction.com/instagram/topics/password_is_not_encrypted
Makes you wonder how secure mobile apps are in general as the user can't determine the connection state, unlike a browser window by looking at the URL or seeing the padlock in the corner.
15 comments
[ 1.6 ms ] story [ 33.2 ms ] threadhttps://github.com/codebutler/firesheep/wiki/Handlers
This website should really be migrated to https.
The suggested password strategy helps to protect against the later case.
(http://news.ycombinator.com/item?id=1897102)