[rst]

But if the page containing the form isn't served through SSL, it's subject to alteration by a man in the middle --- which is what actually happened in this case. And users who don't "view source" every single time have no way to notice the difference before logging in (and precious little after, if the logger quickly resubmits to the real McCoy).

[staktrace]

And if the page that has the link to the login form isn't served through SSL, it's subject to alteration by a man in the middle to hijack the login page. And if the page that has the link to the page that has the link to the login form... you get the idea. Use SSL on every page, or you lose.