Lex Friedman for Macworld has a report on the in-app purchases hack that’s been circulating. The most amazing part:

iOS users who try the hack may find that, in addition to robbing the developers behind apps that they enjoy, they’ve put themselves at risk. “I can see the Apple ID and password,” for accounts that try the hack, Borodin told Macworld. “But not the credit card information.” Borodin said that he was “shocked” that passwords were passed in plain text and not encrypted.

According to Tabini, though, “Apple presumes it’s talking to its own server with a valid security certificate.” But that was clearly a mistake—“This is entirely Apple’s fault,” Tabini added.

Anyone who has done this is fortunate that the first person who found the hack seems to be a pretty nice guy.

And this being the case is shocking.