This is something that I have contacted the company about, but have yet to get a reply:
Unlike some other online retail sites, Amazon's sign-in page is unencrypted (ordinary
http://...), which so far as I can see means that your password is sent in the open. However, if you click the "Continue (using secure server)" button without entering anything, you are taken to abother page which gives you an error message and invites you to sign in again. The difference here is that the page is secure (
https://...) which means, I believe, that your log-in details will be encrypted when they are sent.
Why don't Amazon automatically connect you to the secure server before log-in?