Yeah, I would agree. I was able to bypass the login with no trouble at all. [In fact, the first time I did, it was by accident] The whole thing is riddled with XSS vulns.