if the website is using "standard" authentication...then the password is embedded in the url differently..like so:
http://username:password@www.webemailservice.com
might be https (if they care about security) as the username and password are only uuencoded and not crypted.