That's not the argument here, though. The proposed solution --- and the one that Meebo uses, when you don't use their SSL login --- has a glaring security problem.

i wasn't proposing it, i asked if thats what you meant

i was implying, how come they didn't run into security problem when they are practising a non-safe method? why do they expose so many users to such danger without their knowledge?