Just to inquire if any effort went into OpenID integration for the back-end. SSL proves to be expensive, requiring a standalone IP address (still) and SSL cert. SSL cert can be self-signned, but then there's the annoying "insecure" website thingy. Some webhost offer some free IPs, but not mine. So OpenID would provide security AT-LEAST for the password transfer. The running session could still be inspected or stolen, but the password would be safe.
I've seen this article, and it doesn't seem too difficult.http://remysharp.com/2007/12/21/how-to- ... in-system/
Please let me know if there's anything ready.