Eddie Roger wrote:
I was looking through changes to the apiedit branch and saw a revert to disable login tokens. I read the note in SVN as to why, but I don't understand the benefit of just using cookies versus using tokens, especially for robots. I'm not questioning Brion's decision, just wondering if there was explanation.
The reason and vulnerability (which Roan already told you) was discussed on wikitech at the time.