I perticularly like the "How can we improve this web page?" form at the bottom.
The first thing that comes to my mind is removing it completely.
I perticularly like the "How can we improve this web page?" form at the bottom.
The first thing that comes to my mind is removing it completely.
Getting back to the origional post, just because the form isn't SSL encryped doesn't mean that it won't be encryped when you acutally hit the send button. Check the action of the form in the HTML source, and if it POSTs to an https:// connection, you're good. (Incidentally, this works the other way around, too. It's quite possible to have an SSL encoded form that ends up sending everything in the clear anyway, because the action of the form wasn't encrypted. Doing this would be a huge WTF.)
That said, it's still a bit of a WTF if that's what they're doing, because you'd still want the form itself encrypted for no other reason then to prove to the user that you can, in fact, do encryption. Forcing the user to check the source to find out that it'll be encrypted in a second is rather dumb.
Of course, the real WTF is that, apparently, the passwords were being stored in the clear.