If somebody has a login/pw form on their home page, I can't see how it is safe, unless they are doing what you suggest with every home page visit. Please enlighten me. :)