A friend who is super anti 4 square has been scaring me again . . .

The above screenshot was taken from Wireshark listening in on a gateway Wifi NIC to my iPhone. Take a good look at the “Authorization: Basic” line in the above screenshot – Foursquare sends my account’s username and password in plaintext over HTTP, without any encryption. They send it every time you open that Foursquare app. If anybody has access to any routers between you and foursquare, or foursquare’s DNS happens to be hijacked by anybody anywhere up your DNS chain.. or someone is setting up a public wifi intercepting foursquare HTTP requests, and you joined it… you’re screwed.