> Once automated, no one will be checking
> sumbmission correctness manually. If
> woman-in-the-middle attacker hijacks
> SID, she can
> quickly withdraw then submit her own
> url. Ouch...
> What about ssl?
If a hacker really wants your SID, he/she will get it anyways... once and awhile you do login to the website.
Must be April 1st
... because everybody ships DVD's nowadays :)