Comment 14 for bug 1188189

@Dolph: now /that/ is a clear vulnerability. Client to server connections should always be properly encrypted. Could you open a separate (private security) bug about that ?