Originally Posted by Mighty Brush
Never enter your username and password into a web page that is not protected by SSL/TLS - most modern browsers will display either a padlock symbol and/or will change the colour of the URL (green for firefox). If you see any errors pop up about certificates, run for the hills.
What bugs me is the increasing number of sites that mix HTTP (unencrypted, insecure) and HTTPS (encrypted, supposedly secure) content on the same page - it gets difficult trying to explain this sort of stuff to a non-technical user when it would be so much easier if sites just used all HTTP or all HTTPS for everything on a page (I know why the content providers do it - but that doesn't make it "right" or "sensible", just "expedient").
I remember one site wherein the form (and all associated content like graphics) was sent to your browser via HTTPS, so all good there - but when you entered your ID and password, that data was sent back to the Web site in clear-text HTTP, making the whole effort rather pointless.
Best of luck getting the account back, Roo!