[borski]

I agree that the article is very poorly written, and inaccurate in places.

But at this point, having seen thousands of customers use Basic auth over HTTP, I don't actually care how sensationalized the article is. If it gets people to stop doing it, I'm all for it. We can explain the nuances later.

Frankly, the nuances of /why/ it's bad are somewhat less important than just knowing it's bad. This isn't true for all cases, but I would argue is true for what is probably one of the most common issues we see.