Conor's Web Log of Esoterica: What's wrong with this picture?
This is a ****SERIOUS**** no-no. Financial institutions should always use SSL to take in user identity.
The W3C WSC spec is trying to come out with strong guidelines.
With the financial institutions primary targets of phishing schemes, it is imperative that all sensitive information about the customer is entered on a secure page. Maybe utilize EV Certificates and the browser indicators (green bars).