Apple Finally Fixes Unencrypted App Store Login 52
Deekin_Scalesinger writes "More than eighteen months after being first brought to Cupertino's attention, Apple gets around to addressing insecure logins to the App Store. In theory, this could be used to view lists of installed apps and make unauthorized purchases."
Yep, they were sending login information over plain http.