A fun activity.
Requirements: Firefox with Firebug (or even Chrome with Dev mode) and some basic understanding of 'calls' and related things.
Go to Facebook. Enter your username (which in facebook's case is your email id) and next do not enter your password. Instead enter a wrong password.
Now Facebook Facebook will send you to a 'login_attempt' page.
Now enter you actual password.
In the 'Post' call to 'login.php', in parameters you will see your dear password getting 'pass'ed nakedly.
Isn't that fun.