id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
4479	OAuth is propagated as secure	anonymous	team	"In JOSM startup page, OAuth is propagated as alternative if I dont like my credentials to be sent in plain text.

This ist very misleading, as with OAuth, my credentials are also sent unencrypted. When talking about security, It's no matter if credentials are sent once or every time. Sending them over the net is sending them over the net. As OSM does not support any encryption, so we should not draw a picture of a secure authentication with OAuth.

I consider this a security bug (in the Startup Notes, not in JOSM)."	defect	closed	major		unspecified		fixed