My security concerns at the MOMENT are simply that as i've got it now, the password is plainly visible to anyone who looks at the browser history, or even walks by the machine while its logged in.
I'll definitely take a look at those links though. If for no other reason than to see that little padlock in the status bar :D.
And thanks for clearin up the whole "POST/GET" thing, thats been confusing me.
One of the basic principles of Web Security is "don't trust the browser". For example, don't trust that the browser won't cache a POST request. In fact, major browsers DO cache POST requests - note that if you press the BACK button to a POSTed page, they give you the option of reposting form data.