> Really bad idea.Security through obscurity is no security. I can listen on > the network and see what kind of requests are made, for example.
If you're already listening to the network you could simply extract a users password and log in as that user. I'm not writing a banking application, or an app with rigorous security requirements. I don't expect to serve anything over https.
