Except that as long as you use a unique password, and don't give any details that you don't mind falling into the wrong hands, there is absolutely no risk.
There is a lot of risk going to a compromised website. You are basically inputting potential malware onto your computer, and, if there are zero-days present on your system, handing control of your computer over to a malware author.
A random website? Absolutely, 99.999% of the Web is safe. But we're talking about a site which is specifically compromised with malware.
With that said - "Linux" is safe by being such a tiny population of the community that browser malware generally isn't written for it. In general, I take it as a given that people have deleted/disabled flash and java plugins a long, long time ago.
> A random website? Absolutely, 99.999% of the Web is safe. But we're talking about a site which is specifically compromised with malware.
Well, we don't know that, actually. The info given on the PE site say that the attacker gained access to the server and modified the database. Do you have proof that it's serving up malware to visitors?
In any case, it's an odd situation and an odd response from Project Euler. It doesn't seem like a complicated enough site to get hacked in a mysterious undetermined way.
I use a unique password and even a burner email, and a phone number that I update every 8 weeks for my banking website.
It's taken blood, sweat and tears to save up 20k (a lot for me) and even though I have a secure authentication scheme for the website, I worry about it getting hacked all the time.
"...there is absolutely no risk"
You have no idea! There's little practical risk in people getting access to my (fictional) ProjectEuler account, but there is absolutely some risk into returning to the same scam twice. Say they exploit PE again and are able to extract more than just password and email, maybe they find a way to get more info about the user's browser, or cookies, or SOMETHING. Anybody foolish enough to continue to navigate to projecteuler.net will suffer the consequences. They'd be better off never returning.
I know the response to this will be, "Oh, you can't possibly expect people to just abandon services that are compromised once" but I absolutely don't expect people to do that. I do it, because my security is worth it to me. Others don't, and this is the sort of thing that happens.
We've no way to really isolate what happened to projecteuler, and no way to now what kind of nasty code got injected into the pages.