Captcha mechanism is too weak to prevent automated span users creation.
Sound ok now, not recently fake account recreated
The webserver in not using SSL, hence login/password transits as clear text on the network.
login now redirects to https.