You are viewing Revision 1 of Security_Considerations

When you set a password, it is stored in a cookie in plain text. Every request you send to the wiki carries that cookie, so the password is also transmitted in plain text each time.

If your password is compromised, a malicious user could gain access to the administrative interface of your wiki. By default, they won't be able to do much damage (except delete your pages for good - see Immediate vs Delayed Deleting).

I will figure out a way to address this in a future version of Aneuch.

If you operate on a shared, unsecured machine (such as at an internet cafe or similar), this is a very obvious problem. If you forget to log out of your wiki before you leave the terminal, the cookie remains active for 1 year. A malicious user could easily gain access to your wiki by virtue of the cookie's existence.

To log out of your wiki, click the "Admin" link at the bottom of any page, then click the "Authenticate" link. Your username and password, if set via the cookie, will be pre-filled into the form. Clear the password field and submit the form. You will be logged out.
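The cookie properties described above (password in plain text, no transport protection, one-year lifetime) can be checked from a captured `Set-Cookie` header. The following is an added example, not part of Aneuch: the cookie names, values and the one-day lifetime threshold are assumptions, the headers are constructed, and only `Max-Age` (not `Expires`) is evaluated.

```python
from urllib.parse import unquote

ONE_DAY = 24 * 60 * 60  # assumed upper bound for an admin cookie's lifetime

# Constructed sample headers; "wiki_auth" and "session" are hypothetical names.
# WEAK mirrors what the page describes: plaintext password, one-year lifetime.
WEAK = "wiki_auth=admin%3Ahunter2; Path=/; Max-Age=31536000"
# HARDENED is a generic comparison case: opaque token, short life, both flags.
HARDENED = "session=k3Vq8ZrT1xYw0pLm; Path=/; Max-Age=3600; Secure; HttpOnly"


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def audit_cookie(header, password, max_lifetime=ONE_DAY):
    """Return findings for one Set-Cookie header, given the account's password."""
    _name, value, attrs = parse_set_cookie(header)
    findings = []
    # The password appears verbatim (after URL-decoding) in the cookie value.
    if password and password in unquote(value):
        findings.append("plaintext-password")
    # Without Secure, the browser also sends the cookie over unencrypted HTTP.
    if "secure" not in attrs:
        findings.append("no-secure-flag")
    # Without HttpOnly, page scripts can read the cookie.
    if "httponly" not in attrs:
        findings.append("no-httponly-flag")
    # A long-lived cookie stays usable on a shared machine after you walk away.
    age = attrs.get("max-age", "")
    if age.isdigit() and int(age) > max_lifetime:
        findings.append("long-lived")
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_cookie(header, "hunter2"))
```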