BTC Guild doesn't have https
why do you need https? are you super paranoid about the government spying on you?
Haven't been around long? Somebody hacked into deepbit.net and stole some coins from several people, one of them had more than 100BTC waiting to be sent (why on earth would you leave it in the pool that long?) and Tycho was nice enough to pay them for the losses even though it apparently wasn't his fault. Probably standard password hacking (brute force, or had the password from another site and it was the same there, or sniffed traffic ... who knows), but certainly the login password to the site can be sniffed since it was being sent clear in the open. Since that time, several pools have moved to HTTPS including deepbit.net and BTCMine (not sure about Slush ... nothing changes over there from what I have seen, although it seems he really is the originator of large public pool mining).
deepbit.net wasn't hacked, the attacker got user's passwords somewhere else (most of those users were using same password in one of other pools and their worker password was the same as main account password).
Yes, my apologies. I did say "hacked", but I also did say that somebody could have gotten the username and passwords, and in fact, that is what you said when the incident occurred. I did not mean to imply there is or was any security problem with deepbit.net.
The multiple accounts seems affected seems a little odd to me; was there any relationship between the accounts [i.e. all know each other somehow]?. Technically, using a technical method to obtain the password is cracking, not hacking anyway.
Sniffing open http traffic is what most people were worried about in any event, so that is why https was added, correct?