Comment 9 for bug 1047588

Hi Andrea!
  "mardy.it" *is not used for authentication* anymore; it's what I've been using while developing on the project, but it's been substituted with another URL with the latest version (I'm using "wiki.ubuntu.com" now). Anyway, this URL is used as final URL during the OAuth authentication process: it's called "callback URL", and it's the URL that the OAuth server will redirect your browser to when the authentication is finished. This URL can be any URL (even a static HTML page, as I was using in my website), we need it just to know when the authentication is finished.
It should be possible to not even load the callback URL (this would definitely address all security concerns); I just created bug 1048177 not to forget about it.

About the google{,-login}.sh scripts, thanks for pointing them out; we'll remove them, as they are not useful anymore (we were using them while the Online Accounts applet was not ready for use).