This site seems to be well secured. I am in no means a "expert" cracker, but I cannot find any vulnerabilities to XSS, SQLi, or even RFI. Apparently the site also uses sha1 for passwords that are dubled salted (salt and pepper). I hear all the time that "no site is unhackable", and prehaps I have missed something...who knows. here is the site: havocarcade.com What is your opinion on sha1 double salted algorithms?