View Single Post
I guess I don't see what the problem is. According to the Heise test:
Due to a lack of checking, a second, evil page on the same server could steal those saved passwords.

A lack of checking? When one chooses to save the password for that site, that's just what they're doing. By pressing the button one is saying "I want all pages on this site to have access to this l/p." If one is concerned that they may have an "evil page" on their site, they should click "Never for this website."

So I'm guessing they think that in case one page on the site is compromised, that could be an issue. Still, all the malicious user would have to do is have the data in the form submitted go to another site. Even if your browser didn't save passwords at all, this would still be an issue.