[nightcracker]

The sad part is, it's not that hard to recreate the page of the world of warcraft login(every html and css file on the internet is open-source and nothing you can do about it), just changing the direction where the info should go. Then you create a PHP script(or any other language) who receives the information and puts it in a database. Just like the form does I'm typing this message in.

In fact, it aint even hard to get a page "secure", just go to a company distributing those "secure" signatures while having a normal page on your site, after you got the certificate you change the website and voilá, you got yourself a "secure" https page.

The lesson we learn from this:
Always look at the URL before typing in sensitive information. If the page is "secure", that only means OTHER people but the webserver can't see what you communicate with the server. If the webserver you're connecting with ain't OK, then you still aren't secure.