So, I thought, I'll view the source, and search for my existing password. And what do you know? There it was, right there in the clear. This got me thinking about one way hash functions and the like, and it occured to me that they had to be storing my password using (at best) reversible encryption, or worse yet, in the clear!
NB: the page is SSL secured, but I don't think that's really good enough.
Might I suggest to people who wear tin hats that they not attempt to log in to 2degrees lest they have a password change foisted on them (and the accompanied $yourPasswordHere embedded)?