Comment 2 for bug 1054677

I'm not a security expert but I think this could also open the door to a MITM phishing attack. A user could click a link (sent from a server pretending to be productsearch.ubuntu.com) thinking they are buying from amazon.com but instead the login information is being read by a malicious third party before being somewhat transparently passed on to amazon for order completion.