Thanks to Sam for pointing this out to me. I wrote about this last night here.
Judging by the first comment at TC (below), I can already see where this will be going. Not good for MBL.
Holy Christ, what kind of developer doesn’t encrypt their login cookies? That’s not a security hole, it’s just awful programming.
Get your popcorn.