someone can sniff the client for the information it sends/receives so its possible to extract the info that way.