I decided to give this site a try. How about making the site a little more secure, for instance using SSL, so that no one can spy on the login data and steal the money?
Edit: I just tested what happens when I click "forgot password". I got an email with my password. That means all passwords are stored as plain text in your database. From a security point of view, this is stupid.
There is a lot of money in your system; you should take care of that. Suggestions:
- a way to change passwords in case a user password gets somehow compromised (I did not find a way to do that anywhere)
- store only cryptographic hashes of passwords (this one is a must); in case of a lost password, generate a new one. Under no circumstances send a plain text user password in an unencrypted email!
- offer two-factor authentication (preferably with a PGP option), preferably like this: if the user chooses to use 2-factor with PGP, he types in his username/password, your site checks that against the cryptographic hash in the database and then sends a one-time login PIN via PGP-encrypted email to the user, which he can then use to finally log in.
Edit 2 / a further suggestion:
- offer to use a fixed/unchangeable output address. In case someone hacks into an account, he might be able to upgrade mines, but he cannot just simply steal money.
I know that security implies some effort, both on your side and the user's side. But for me your site looks ridiculously insecure. I originally intended to send 0.4 BTC to buy a virtual mine; I will not do that. The risk of someone hacking into your site is simply too high. I am actually surprised this has not happened so far.
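As an added example (not code from the original post or the site it criticises), here is how the password storage and one-time login PIN the post asks for can be done in Python: passwords are kept only as salted PBKDF2 hashes, "forgot password" mints a fresh random password instead of mailing back the old one, and the second-factor PIN is hashed, single-use and expiring. The `UserStore` class, the iteration count and the PIN lifetime are assumptions; delivering the PIN (e.g. by PGP-encrypted mail) is left to the caller.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 200_000  # assumed tuning parameter, not from the post


class UserStore:
    """In-memory stand-in for the site's user table (constructed for this example)."""

    def __init__(self):
        self.users = {}  # username -> {"salt": bytes, "hash": bytes}; no plaintext kept
        self.pins = {}   # username -> (sha256(pin), expiry timestamp)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def set_password(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt defeats precomputed hash tables
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt)}

    def check_password(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        if rec is None:
            self._hash(password, os.urandom(16))  # same cost, so timing does not reveal valid usernames
            return False
        return hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"]))

    def reset_password(self, username: str) -> str:
        """'Forgot password': the old password cannot be recovered (only its hash exists),
        so issue a new random one, store its hash, and return it for delivery to the user."""
        new_password = secrets.token_urlsafe(12)
        self.set_password(username, new_password)
        return new_password

    def issue_login_pin(self, username: str, ttl: int = 300, now: float = None) -> str:
        """Second factor after a correct password: a one-time 6-digit PIN, stored hashed."""
        pin = f"{secrets.randbelow(10**6):06d}"
        now = time.time() if now is None else now
        self.pins[username] = (hashlib.sha256(pin.encode()).digest(), now + ttl)
        return pin

    def redeem_login_pin(self, username: str, pin: str, now: float = None) -> bool:
        entry = self.pins.pop(username, None)  # pop: one attempt only, right or wrong
        if entry is None:
            return False
        pin_hash, expires_at = entry
        now = time.time() if now is None else now
        if now > expires_at:
            return False
        return hmac.compare_digest(pin_hash, hashlib.sha256(pin.encode()).digest())
```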