Jeff Weinstein writes:
The snoop program is using FTP to find out the user's e-mail address. The image on the page is an ftp: URL. Our FTP code was sending the user's e-mail address as the password for anonymous FTP, which is the usually requested by FTP sites. The perl script was waiting for the FTP to happen, and then looking at its log to figure out the email address.
I've removed the code that uses the e-mail address as the FTP password for anonymous FTPs. You can still enter it by hand by using a URL of this form 'ftp://anonymous@ftp.netscape.com'. This will cause the navigator to prompt the user for the password to send for anonymous. This is a little known feature that will also allow users to access non-anonymous ftp accounts via netscape.
Or you can use 'ftp://anonymous:password@ftp.netscape.com/', and skip the prompt. Not really less secure (assuming you can prevent shoulder surfers) as FTP sends the password in the clear, anyway.