As far as I can see user credentials entered on wp-login.php are just sent with an HTTP POST request. Does WordPress do anything else to make logging in more secure?
If credentials are just sent with a plain text HTTP POST request, then sending this information from a different domain is the same, right? So with a shared user table I could just log the user in on both domains. Is this in any way less secure?
I'm not asking if it's the most secure way, just wondering if it's as secure as logging in on a WordPress install without SSL enabled. WordPress.org and WordPress.com don't use SSL either...
[ Moderator note: duplicate topic deleted. You are already in the correct place for this question. ]