Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.