[mschuster91]

> That begs the question why. Why bother creating such a weirdly intricate system on top of something that works just fine on its own? I have my own theory, but keep in mind it’s just that.

To avoid admins (or hackers) in enterprise "SSL breaker" boxes from exfiltrating passwords.

[mminer237]

How many enterprise admins are trying to get employees' Steam passwords? I think the "it used to support logging in without SSL" theory is more likely.

[meibo]

I wouldn't call it an impossibility, Steam accounts often carry a real, huge amount of value to their owners, going into the thousands of dollars of either games or trade items.

Even if it wasn't the main reason, it probably played a role. Some small time admins in education facilities would probably have an easy time with this stuff and wouldn't get caught doing it.