Via Coding the Web comes this example -
Then I just saw this posting from Jason: Last night my journal was hacked. All of my Movable Type weblogs were deleted and the archives destroyed. Looks like they got in by just using my username and passwd which is not good.
This is why my posting API uses encryption, and why I don't support the blogger api on this blog - that pathetic excuse for an API passes usernames and passwords in the clear