This thread isn't going where i expected it to go. Identity theft is a problem imho and personally i expected the elite perl hackers® to recognize that. It's true that the original poster had a weak argument in the 'trustworthyness' of the code posted, but identitytheft is something any programmer should be aware of.

On a practical side: the way the login system is set up now (with the cookie) would not be secure over http after a login over https. So that would require some modification.