Comment by ZoFreX
13 years ago
Security vulnerability 3: Websites could sniff passwords of users with password-saving browser extensions. If the extension autofills the username and password (and some do out of the box), then a bit of javascript on a GitHub Pages site could have stolen those users' Github passwords.
Excellent move on GitHub's part here.
i won't work in popular browsers. subdomain is another origin and passwords cannot be stolen