How were they sent then?
To be honest this question you pose is more to do with you perhaps first having an understanding of protocols and how they work and what part applications that run on servers have in that process.
I’m not trying to put you off the discussion, but this is not really an issue with buddypress unless you can come to us with some explanation of how in your tests you have arrived at the possible conclusion that bp is not secure in some fundamental way.
@hnla
The website is hosted off of 1and1.com.
Using wp 3.3.1
and the newest BP ( not sure what version it’s at now )
I used a program called netspark i believe,
( just had to reformat today to linux. Couldn’t stand Windows 7 >.< )
One I get the program installed, I will screen shot the reports of a BP site, and a some other social CMS ( elgg. )
The program pervades full details on why the passwords are being sent over https.
I will also contact other BP sites with their permission and test their site too and take a screen shot of the results.
Don’t get me wrong, Buddypress is one of the BEST plugins for WordPress.
also, I will see if it has something to do with WordPress it’s self.
The reason why im bringing this up is due to the fact that I installed Elgg on a different domain and the passwords were secure.
Disregard all comments about password transmitted over https.
Found the problem…
Sorry for the late reply.
I built a page template for the activity page (activity page as the home page) using a IF user is logged in locate template mustlogin.php
I took the login bar from the buddypress widget and placed it in the template.
Same thing with the /register page.
Also, I tested a recent buddypress site and the passwords weren’t sent over https.
the problem was I created a template.
Once I get time I’ll dig more into it and place the codes of the mistake.
I will have them posted by tomorrow if you want.
@hnla