A couple points here. You can enter the sha1 hash of your password or your password in plaintext. In the latter case the sha1 is calculated on the client (using JS) before being sent to the server.

Now that we got that out of the way the more interesting pattern here is how easily people will put the plaintext password for a specific site into a webpage that sprung up overnight.

* I know Chris Shiflett is at least trusted in the tech community (has written books and talks at conferences, etc) so it's not about trusting the site but the larger social implications of user behavior.

Who here didn't do a view source immediately just to make sure nothing was being sent to the server? =)

Don't forget to clean your .bash_history.

... or prefix your commands with whitespace to skip ~/.bash_history altogether.

... or $ unset HISTFILE

or put it in a file so it will never be in ps and use sha1sum < file

or just change your passwords and be done with it.