I've read through the code of the script - and the most it can do is read your cookie. This won't (probably) give away your password - but it may possibly be used for changing your password for you unless you make sure you bind to your own IP.
Spoofing with IP bound is harder - and involves spoofing your IP.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2004-06-12 12:19 pm (UTC)Spoofing with IP bound is harder - and involves spoofing your IP.