That was my first assumption too, but Wireshark doesn't show anything going across the network as I type, and nothing that looks incriminating when I click "donate" with text in the password box. It looks like it's entirely client-side JavaScript as it claims to be. Kind of disappointing, actually.

edit: ...Unless it's clever enough to only be evil some fraction of the time. I didn't actually check through the code.

Theoretically, it could store the password in a cookie, and later retrieve it, along with (somehow) a gmail id.

Is it April 1st?

http://web.archive.org/web/20060412183431/http://www.nethash...

Now they need to come up with an excuse for people to create accounts on the site so that they get their usernames.