There are some relevant considerations in that document but I found it to be very dismissive. SSL for example is not hard to implement, and going ssl-always is now quite common.
Don't get me wrong, I certainly don't want to advocate slapping some crypto lib onto a site with a bunch of marketing script. A project from scratch with these considerations might some day get it done.
Don't get me wrong, I certainly don't want to advocate slapping some crypto lib onto a site with a bunch of marketing script. A project from scratch with these considerations might some day get it done.