Quoted from toddtuckey:Welcome aboard "PinTim80"! I see you joined just 16 hours ago and we now have been blessed with your first post! You certainly went to alot of trouble to register--why not have "Your Friend" post your findings? At least he would have the backing of some kind of background on this forum! I also noticed your "name" is awfully close to one of our Twins--Tim--email name which is grimtim1980@ .... hmmmmm ......ummmmm.....and the town you live in is Abingdon, the town right NEXT to Tim's town in Maryland! Ahhhhh.... Ohhhhhh.... Could this be a NEW Troll or and OLD Troll? Hmmmmm....
Anyway, we will look forward to MORE of your helpful posts!
We also noticed someone in Maryland with same "name" tried to register on our site about the same time you "Joined" the forum and we denied it--very suspicious information. And please get back to your "friend" (you have one??) and tell him how great you are! Todd Tuckey
I'm not going to do a deep assessment or anything, but I assume his friend is figuring you all are sending credentials in plaintext since you aren't using SSL on the login page (or anywhere else on the site that I can see). Since you aren't using SSL I'd hope you're performing client-side encryption before transmitting any creds. Ideally you'd also be encrypting at rest too.
Most browsers will do a very basic check for sites not using HTTPS and warn about signing up for those sites. Even if you are doing client-side encryption I'd recommend updating the site as it would alleviate some of the concerns around that.
Edit: Looks like people already addressed this earlier in the thread anyway. My bad.