Less Talk, More Do

Christopher Finke is a software engineer at Mahalo. He is available for birthday parties and bar mitzvahs.

Posts tagged with 'Safari'

Pownce has a big security problem

Sunday, July 8th, 2007

Kevin Rose's latest project, Pownce, has a glaring security problem on its front page. The JavaScript that Pownce uses in its login form can reveal your password in plain text on the screen. Here are the steps to reproduce the problem in Firefox:

  1. Log in to Pownce via http://www.pownce.com/. Allow Firefox to save your login information for next time, and then log out.


  2. Navigate to http://www.pownce.com/ and type the first part of your username in the "Enter username..." box. Firefox will supply all of the matching usernames it remembers for this site. (So far, so good.)


  3. Select your username and press return to have the browser autofill the rest of your information. Oh look, there's your Pownce password in plain view! I hope no one in the room was watching you log in...


The method that Pownce is using to show the "Enter password..." prompt in the password field is the reason for this malfunction; browsers force all text in password fields to be hidden with asterisks, so if you want to show normal text in a password field like Pownce has chosen to, you have to do so in a non-standard way.

This bug affects Firefox and Netscape users who have JavaScript enabled, but it doesn't affect Safari users.
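A markup check for the pattern described above, as an added example that is not from the original post or from Pownce's code: it flags inputs whose name or id suggests a password but which are not `type="password"`, so the browser will not mask an autofilled value. It assumes the prompt trick renders the password field as a plain text input, which the post does not show; the function names and both sample forms are constructed for illustration.

```javascript
// Added example: flag credential inputs that the browser will not mask.
// Assumption: the prompt trick renders the password field as a non-password
// input; the post does not show the site's actual markup.
const CREDENTIAL_NAME = /passw(or)?d|pwd/i;

// Parse one <input ...> tag into a map of lower-cased attribute names.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z_:][\w:.-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// Return every input whose name or id suggests a password but whose type is
// not "password". Simple regex scan: assumes no ">" inside attribute values.
function findUnmaskedCredentialInputs(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttributes(tag);
    const type = (a.type || "text").toLowerCase(); // missing type means text
    if (type === "hidden") continue;
    if (!CREDENTIAL_NAME.test(`${a.name || ""} ${a.id || ""}`)) continue;
    if (type !== "password") {
      findings.push({ field: a.name || a.id, type });
    }
  }
  return findings;
}

// Constructed sample markup, not taken from any real site.
const PROMPT_IN_FIELD = `
<form method="post">
  <input type="text" name="username" value="Enter username...">
  <input type="text" name="password" value="Enter password...">
</form>`;
const PROMPT_IN_LABEL = `
<form method="post">
  <label for="u">Username</label> <input type="text" id="u" name="username">
  <label for="p">Password</label> <input type="password" id="p" name="password">
</form>`;

console.log(findUnmaskedCredentialInputs(PROMPT_IN_FIELD));
console.log(findUnmaskedCredentialInputs(PROMPT_IN_LABEL));
```

The second form keeps the field masked at all times and moves the prompt into a `<label>`, so an autofilled password is never drawn as readable text.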

Safari on Windows: First impressions from a browser developer

Monday, June 11th, 2007

I've been playing around with the beta release of Safari on Windows XP, and here are my initial experiences and impressions: (I don't use Safari on the Mac all that often, so I'm not claiming that these are bugs in Safari for Windows only.)

  • Bookmarks importing does not work. It didn't auto-detect any of my Firefox, Flock, Internet Explorer, or Navigator profiles like the webpage said it would on its first run, and it also doesn't do anything when I choose "Import bookmarks" from the File menu and give it a bookmarks file to import.
  • The tab and status bars are hidden by default, which is a shame. Tabbed browsing should be given the spotlight, and the status bar is where most people look to see where the link they're about to click is going to take them.
  • Looking at the browser's UI and rendered pages literally hurts my eyes. It may be due to some font setting on my computer, but while Firefox/Navigator/IE on my computer all look fine, any text in Safari (including the menu options) is slightly blurry. I won't be able to stand this for any extended amount of time.
  • Doesn't support middle-clicking on tabs to close them. This will frustrate me very quickly.
  • Using a blue icon that says "RSS" instead of the de facto standard orange feed icon? Lame. However, their actual feed viewer is very nice.
  • Clicking on the "Add Bookmark" toolbar button and then pressing either "Cancel" or "Add" in the resulting dialog crashes the browser. Every time. (Turns out that the same thing happens when closing the Toolbar Customization dialog.)
  • It doesn't support adding more search engines, as far as I can tell. Yahoo! and Google are all I can have?
  • I can't get it to display XML files as anything other than plain text.

So, while I'm glad that Apple has taken the step of releasing their browser for Windows (we welcome any competition), I'm not that impressed with the actual offering. (It kind of reminds me of Firefox 1.0 - much better than Internet Explorer, but not nearly as good as any recent Mozilla (or Netscape) browsers.) I'll submit these bug reports to Apple and hope for something usable when Beta 2 comes out.