(Tim Starling ts4294967296@hotmail.com):
If we really want to be serious about security we'll have to use SSL for login, but I don't know how to do that.
That's entirely too paranoid. Frankly, I don't see much need for high security of Wikipedia logins. It's not like we're storing medical records. (Oh my God! My neighbor might find out that I like the "Nostalgia" skin!) The only real risk is that someone might log in as me and make edits in my name, but then I'd just disavow them and change my password.
The present saltless-md5 was an improvement over the original code, which had passwords in plain text in the database where any sysop could see them all with a select; /that/ was probably a bit too loose :-), so I md5'd them. If making a slightly better encrypted version improves things with no hassle, that's fine too. But let's not get worked up over nothing.