I don’t know anyone that has the “I submit information that’s not encrypted” option checked. We used to prompt for submitting information that was unencrypted, next we added an option on the dialog that disabled the warning (and was checked by default), and finally we removed the warning by default all together. People submit so much information via searches, surveys, voting, sending quick messages, etc. that it would just get in the way and be ignored.

I’ve noticed lately that a lot of sites are showing login forms on unencrypted pages but submitting them via SSL to their target pages. This is a secure method of logging in but it’s started to train me to not look for a secure connection before I log in and that’s not a good idea in the long run.

I think our current option is too broad, so I’m proposing that we add an option that says “I submit credentials that aren’t encrypted” or a sub-option for the current text that says something about “unless I’m sending a password.”

In more technical language: If a user POSTs a form containing an input of type=”password” to a non-encrypted page we should show a warning.

This would mean regular searches, filling in surveys, anonymous voting and polls would all pass transparently if unencrypted, but when you got to a form with a password you would be warned.

I bounced this idea off a channel in IRC and no one said I was nuts so I figured I’d take it here. It seems like too small of a feature to make an add-on out of but I might if I get some free time. What do you think?

Want to know the big changes and what’s brand new in Firefox 3? Check out Firefox 3 for developers.

Want to get right to the part about updating your extensions for Firefox 3? We’ve got a wiki page for that too.

If you know your extension will work and you just want to know what you need to do on AMO check out Justin’s quick review.

For more personalized assistance feel free to ask your question in #extdev on irc.mozilla.org.

If you’ll be in Brussels, Belgium at the end of this month (February 23rd and 24th) you should consider hitting up Mozilla’s Extension Developer’s Workshop at FOSDEM 2008. It promises a trifecta of awesomeness including helpful people, Mozilla swag, and delicious beer.

Edit: update first link to be more useful