Board Thread:General Discussion/@comment--20150810171627/@comment-13301-20150810182727

Apart from having a login form on every damn page, which is a security issue, Wikia isn't using HTTPS. By using HTTPS, if the login form is hijacked to send credentials to an external website, the web browser would block the load of the target page, or at least present a warning on the user. This is something that should be improved too.

About the login form, note that the latest MediaWiki release for 1.19 (which is now obsolete), prevented scripts and CSS from being loaded in Special:Preferences and on the login page... That of course couldn't be applied in Wikia because that would mean the current situation: no scripts on any page.