A couple points here. You can enter the sha1 hash of your password or your password in plaintext. In the latter case the sha1 is calculated on the client (using JS) before being sent to the server.<p>Now that we got that out of the way the more interesting pattern here is how easily people will put the plaintext password for a specific site into a webpage that sprung up overnight.<p>* I know Chris Shiflett is at least trusted in the tech community (has written books and talks at conferences, etc) so it's not about trusting the site but the larger social implications of user behavior.