* Captcha mechanism is too weak to prevent automated span users creation.
    * Sound ok now, not recently fake account recreated 
  * The webserver in not using SSL, hence login/password transits as clear text on the network.
    * login now redirects to https.