Update: IBM dW and the author have improved the code; I've followed up at Politely Suggesting Improvements. IBM's developerWorks published an article yesterday describing a simple Ajax web login service. The original code was horribly insecure, Bobby Tables-style "Anyone can log in without knowing a password merely by manipulating the query parameters" insecure. Fortunately, IBM fixed the code. Un