Thanks Dave for making this video. I've question about the login. That means, for the very first client request to server, the client actually sending a plain text password. Right? How secure is that? If I'm not mistaken, everything that client sends to server will be show up inside the server logs. Please clarify.

Thanks. What do you mean by this?

"...Unless the form is posted to an endpoint over SSL, the password would also be sent over plaintext."

I'm not quite get it.

Thank you!