> A malicious party could intercept the password either by sitting between me and the server - or by compromising the server itself. Or, a corrupt sysadmin could steal the password. Or, incompetence could lead to a range of easily cracked passwords leaking out. If the malicious party can MITM your communications with the server, or compromise the server, or be a sysadmin then they can replace the fancy `` with `` and get your password anyway.