Hi,
In order to secure usernames/passwords, some other use of TLS/SSL may apply. The AAA work may be done on
https://login.wikipedia.org/wikiname, also giving a .wikipedia wide security token in that place and not messing with that in clear-text connections.
That's how large sites handle authentication/authorization. Isn't wiki a large site? :)
Domas