Both need to be wrapped in SSL for proper security. If the form is not SSL then people can do MITM attacks (among others) to get the username/password sent to the wrong server.
Aaron Turner wrote:
Both need to be wrapped in SSL for proper security. If the form is not SSL then people can do MITM attacks (among others) to get the username/password sent to the wrong server.
Thanks for the clarification. 
Aaron Turner wrote:
