"You might want to be very careful before entering your username
and password on any 'new' services from Google. Developer Eric
Farraro has uncovered a potential hole in Google's Public Search
Service that allows a malicious (or mischievous) person to put up a
fake Google sign-in page to collect usernames and passwords for
real Google services.
"I found a question this morning on Ask MetaFilter about a
supposed new service called Gmail Plus. The URL,
www.google.com/u/plus, looked legit. In my pre-caffeinated state, I
almost entered my Google username and password to see what sort of
pre-announced Google service this MeFi-er had turned up. Instead, I
went ahead and checked the comments and found that signing in would
have been a very, very bad idea..."
