I was a little taken aback when I saw Firesheep running on my university's (unencrypted) wireless network. The number of cookies/sessions being sent back and forth, and the ease with which they could be stolen, was staggering.

SSL has been around for a while, the CPU time required is negligible compared to the other tasks most web apps are doing now, and for any real business, the cost of a simple cert should be trivial. Plus, with SSL offloading common on platforms like NetScalers or AWS EC2, many sites could probably support SSL without their web servers noticing.

I needed a quick (< 5 hour) project to try out Rails 3 and learn what changed, so this seemed like a good way to cut my teeth.
I apologize it's ugly -- design isn't my strength.