UPDATE: FIXED. See the comments below.
A couple weeks ago, I installed twitbin, a Firefox extension that loads twitter in a sidebar. But, I just happened to be checking my browser cookies, and I noticed that my twitter username and PASSWORD were stored in my browser cookies in plaintext! This is not even a session cookie -- it is persistent, with a one-year expiration.
Are you kidding me?! Twitbin -- uninstalled.
"[I]t is never appropriate for cookies to contain plaintext user names and passwords." [The World Wide Web Security FAQ]
Hey just to let you know, we fixed this issue and completely redid the way your cookies are set. They are now encrypted, and no longer plaintext.
Thanks, Brian! 🙂