by vijayaggarwal 4379 days ago
According to RFC 2617[1], both Digest and Basic Authentication are very much on the weak end of the security strength spectrum.

[1]: http://tools.ietf.org/html/rfc2617#section-4.4


The main criticism relates to eavesdropping. Wrapping Basic or Digest authentication in TLS eliminates that issue.
The article makes no mention of TLS anywhere, and the example endpoints are all HTTP. So, this is a thoroughly insecure implementation, relying on very weak security mechanisms, prone to straightforward interception and tampering, replay etc.
Both HTTP Basic and Token Authentication are secure when used over HTTPS. I updated the article to include a note about this as well as updated the code examples to use HTTPS.
HTTPS is only secure if no client credentials are stored on the client, e.g. hard coding a username/password pair in a mobile app. If a user needs to supply a username and password it would be OK, I guess.
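An added example (not from this thread or the article it discusses) that makes the thread's point concrete: a Basic credential is only base64, so anyone on the path of a plain-HTTP request recovers it, and a client-side guard can refuse to attach the header unless the URL scheme is https. The function names, the sample username/password and the example.com URLs are constructed for illustration.

```python
import base64
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit


class InsecureTransportError(Exception):
    """Raised when a credential would be sent over a channel without TLS."""


def basic_auth_header(username: str, password: str) -> str:
    """Build an RFC 2617 Basic header value. Base64 is encoding, not encryption."""
    if ":" in username:
        raise ValueError("RFC 2617 forbids ':' in the user-id")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic(header_value: str) -> Optional[Tuple[str, str]]:
    """Recover the credential pair from a Basic header, exactly as an on-path observer of plain HTTP could."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def transport_is_protected(url: str) -> bool:
    """True only for https; over plain http the header is open to interception and replay."""
    return urlsplit(url).scheme == "https"


def auth_headers_for(url: str, username: str, password: str) -> Dict[str, str]:
    """Attach the Basic header only when the request will travel over TLS."""
    if not transport_is_protected(url):
        raise InsecureTransportError(f"refusing to send credentials to non-HTTPS URL: {url}")
    return {"Authorization": basic_auth_header(username, password)}


if __name__ == "__main__":
    # Constructed sample values; example.com is a reserved documentation domain.
    hdr = basic_auth_header("alice", "s3cret")
    print(decode_basic(hdr))  # ('alice', 's3cret'): what a plain-HTTP eavesdropper sees
    print(auth_headers_for("https://api.example.com/v1/me", "alice", "s3cret"))
    try:
        auth_headers_for("http://api.example.com/v1/me", "alice", "s3cret")
    except InsecureTransportError as exc:
        print("blocked:", exc)
```

The scheme check is a client-side guard only; a server should still refuse Basic credentials on non-TLS listeners rather than rely on every client behaving.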