Also a good reason to use noscript and deactivate java, so that even if you accidently click on the link you are most likely safe.
This had absolutely nothing to do with any script or java whatsoever.
They just use [
url=evilwebsite.com] harmlesswebsite.com [/url] which looks like
harmlesswebsite.com so the link appears to be harmless, but actually takes you to some evil page (hover your mouse over the link and notice your browser's status bar which reveals the link's actual destination).
The evil page is made to look like a regular login page (in this case, they duplicated the login page from bitcointalk.org) and whatever you enter there is being stored, and you're being redirected to the real site so you may not even notice you were on a fake page.
Just mentioning because believing you're safe with noscript and deactivating java = false sense of security = makes you actually
more vulnerable.
