Was messing with some pretty basic session hijacking and password sniffing (basic as in using a freely available Android app), and was surprised at how easy it was to get my own username and password on my network. This can easily be extended to others on my network too (as in, I can session hijack and get the username/passwords of people who do anything on this site on my network), and can even be done on other networks too with ease.
To be fair though, this would likely be possible with any site that doesn’t use https for authentication, but I don’t know too many sites nowadays that don’t.
Should also note that I don’t specialize in network penetration at all, so the above is pretty basic/beginner-tier (generally speaking).
That was taken from http://yoyoexpert.com/privacy-statement.html but when I can get personal information from such basic tools, I really don’t think there’s much “precautions” going on.