...
For both the Forms/SSL and Browser based authentication mechanisms, it is important that the user trusts the web site they are logging into. Just For example, just becasue you use an SSL encypted form to send your username and password to a remote web site doesn't mean that your password is safe. For example, if the programmer who created the remote web site is inexperienced in security issues, they could easily do something to compromise your password without intending to do so. Becuase security is so important and so easy for a programmer to get wrong, the Department of Energy requires SLAC to not allow programmers to every ask a user for their username and password unless they obtain special permission from the lab.
...