Suggestion: use https all the way


Right now it’s not secure even if you use https domain because authorization request is sent over http, the password is unencrypted over the connection.


Use any password then, setting up SSL is not the top priority at the moment, but if it doesn’t happen in the alpha it will surely happen in future releases.