Thanks for all the responses to the 'password in the clear' segment of this thread. I see another issue arising out of this. For all the effort that's gone into authentication/authorization/roles, nothing has been done about enforcing encryption. By that, I mean distinguishing requests that can only be sent over encrypted channels. SSLAbsoluteURL, AFAIK, can't prevent someone from constructing a URL to get the same page in the clear. Short of going to an all-SSL site, I haven't found any useful way to ensure that confidential pages are available *only* encrypted.
Given the availability of Apache+SSL (and others like Roxen) to front-end Zope, we are highly unlikely to add SSL into the Zope core; it incurs non-trivial development and configuration costs for those who *don't* need it.
OK, the issue isn't the encryption method (SSL), it's designating pages as confidential and ensuring that their delivery is encrypted. I think it has to be designed into Zope just as solidly as users and roles. That's why I think there's a DC issue here. Bill.
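The check Bill is asking for, as an added example that is not Zope's or Digital Creations' code: a request-environment test that marks certain paths as encrypted-only and, because an SSL front-end hands the application plain HTTP, trusts the proxy's scheme header only when the request actually comes from that proxy. The header name (X-Forwarded-Proto), the proxy address list and the confidential paths are assumptions.

```python
"""Enforce 'encrypted only' delivery for designated pages behind an SSL
front-end (added example; constructed paths and proxy addresses)."""

# Constructed sample: pages that must never be served in the clear, and
# the addresses of the SSL-terminating proxies (hypothetical values).
CONFIDENTIAL_PATHS = {"/accounts/statement", "/admin/users"}
TRUSTED_PROXIES = {"127.0.0.1", "10.0.0.5"}


def is_encrypted(environ):
    """Return True if the request reached the client over TLS.

    Behind Apache+SSL the application sees plain HTTP, so the only
    evidence is a header the proxy sets (X-Forwarded-Proto, assumed).
    That header is believed only when the peer is a known proxy;
    a client that reaches the application port directly could forge it.
    """
    if environ.get("HTTPS") in ("on", "1"):
        return True
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"
    return False


def check_confidential(environ):
    """Return (status, location) for a request.

    Non-confidential paths and encrypted requests pass (200).  A
    cleartext GET of a confidential page is redirected (301) to the
    https URL so the page body is never sent unencrypted.  Anything
    other than GET is refused (403): its body already travelled in the
    clear, and a redirect would invite the client to resend it.
    """
    path = environ.get("PATH_INFO", "/")
    if path not in CONFIDENTIAL_PATHS or is_encrypted(environ):
        return (200, None)
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return (403, None)
    host = environ.get("HTTP_HOST", "localhost")
    return (301, "https://%s%s" % (host, path))
```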