...

How could I avoid sending a cleartext password through the net when I use a http://....../manage? How and where should I configure what? I hope it'd be possible...

You would need to set up an Apache-Zope configuration and by using "Cookie Crumbler" and "SSLAbsoluteURL" you can actually force login over SSL. I've done a short documentation about my setup that's unfortunately in german. If you got someone at hand who can translate it it may help http://www.dzug.org/SchreibMit/ZopeFaq/Virtual%20Hosting/Zope%2C%20Apache%20 als%20Chaching%20Proxy%20und%20sicheres%20Login Otherwise, just dive into Apache and Zope with CokkieCrumbler and SSLAbsoluteURL, did the trick for me :) /Carsten