A couple of days ago this serial blogger looked at a few blogging tools and found they didn't come up to the standards set by Movabletype. Today it's the turn of a few more victims starting from b2evolution
With B2evelution, the reliance on cookies is just too much. The login system failed to work for me and looking through their archives I found that I am not the only one. Each time you click on something you are asked to login again. This prompted me to take a close look at the code and it appears that they may even save the passwords in a cookie!
Now they may argue that they are saving the password as an MD5, that doesn't matter, you can still create a fake cookie with that.
They are few more blogger on the same hotscripts page but none of them have a product description to wet the appetite, so they were not even considered. The next page was pretty similar, one had this description: