AFAIK, inputs of type password are sent to the server as plain text. In Login Manager, for example, that would mean that passwords are exposed every time someone logs in. In User Folder, the passwords would be exposed whenever they're changed. If my interpretation is correct, then it seems to me to be a call for out-of-the-box ssl support in zope. Bill.