User blog comment:TimmyQuivy/HTTPS Next Steps: URL Changes for International Wikis/@comment-35982440-20180722042133/@comment-31955138-20180725225437

@KockaAdmiralac thank-you for pointing out that passwords are inaccessible through this. I hadn't meant to imply they were. Usernames were still accessible as they are included in the HTTP response from FANDOM but they are hardly private information.

However, session stealing would allow hackers virtually full access to your Wikia account (minus password change which requires a password). I would not envy the job of cleaning up a wiki which has had the session of an administrator stolen. Fortunately, HTTPS rollout has made this impossible.