I just signed up for Best of the Web because I’m finally taking my own advice and working on some SEO. In their confirmation email, they sent my username and password. That is not secure. Since they just sent my password to my email account, my guess is they probably store it in their database not just unsalted but unencrypted whatsoever.
This is bad practice. You would think a site as big as BOTW would know better.
Meanwhile, my session expired and I was automagically logged out with a JavaScript alert to make me feel safe. Too bad a real hacker could sniff my connection and have my password already.
Thoughts?