by DanielRibeiro 5623 days ago
... and some call it insecure. If you don't take care of man-in-the-middle attacks, which are one of the most basic attacks, you simply are not secure on the internet (where things like XSS and cross site forgery are far more common, and can render the most complicated authentication mechanisms useless). But for starting things up, it can be just fine.
1 comments

I guess you would have to add a secret to the page you want to log in to, that said page could display, and another one it could ask you for.

Hm, might become too inconvenient. The only advantage would be not having to remember the password.

This makes me think the traditional password recovery mechanism should also work that way. You should have to enter your new password first, then get the confirmation link to save it.