Quote Originally Posted by Kosmos992k View Post
Oh good grief...bad SE, bad, bad. Fix this, and encrypt the communication between game and server. Come on SE, do it now!
The only thing that needs to be encrypted is the handshake and credential exchange; which, according to this, is. After that, it's all just icing on the cake. There's not much a potential exploiter or account thief could learn from the normal game traffic, even unencrypted. Hmmm, I take that back, they could learn if you were an acceptable mark based on your gil and transaction history. But it's not going to get them any closer to stealing your account. The session ID is only exposed during the original exchange done by the launcher, which is encrypted. The risk is of a program on the client machine stealing the session ID, which makes encryption worthless (local encryption does nothing, as it is akin to placing the key on top of the safe).