...
However, the attempt to implement the remember-me functionality is insecure because an attacker with access to the client machine can obtain this information directly on the client. This code also violates "MSC62-J. Store passwords using a hash function" and "MSC00-J. Use SSLSocket rather than Socket for secure data exchange" because it transmits the password unencrypted in the response.
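The weakness described above is that the cookie carries the credentials themselves. The following added example (not code from this page or from the standard) issues a remember-me cookie that holds only the user name and a random single-use token, with just the token's hash kept on the server. The class, method and cookie names, the 14-day lifetime and the in-memory map are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration: class, method and cookie names are hypothetical.
public class RememberMeTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // Server-side store: user name -> SHA-256 of the live token (a database table in practice).
    private final Map<String, byte[]> tokenHashes = new ConcurrentHashMap<>();

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every Java platform must provide SHA-256
        }
    }

    // Builds the Set-Cookie value: user name plus a random token, never the password.
    public String issue(String user) { // assumes user is an already validated account name
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokenHashes.put(user, sha256(token));
        // Secure keeps the cookie off plaintext connections; HttpOnly hides it from scripts.
        // Max-Age is 14 days, a constructed value.
        return "rememberme=" + user + ":" + token + "; Max-Age=1209600; Path=/; Secure; HttpOnly";
    }

    // Accepts "user:token" once; the caller then starts a session and issues a fresh token.
    public boolean redeem(String cookieValue) {
        int sep = cookieValue == null ? -1 : cookieValue.lastIndexOf(':');
        if (sep < 1) return false;
        String user = cookieValue.substring(0, sep);
        byte[] expected = tokenHashes.get(user);
        byte[] presented = sha256(cookieValue.substring(sep + 1));
        if (expected == null || !MessageDigest.isEqual(expected, presented)) return false;
        return tokenHashes.remove(user, expected); // atomic: a replayed token finds nothing
    }
    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens();
        String header = store.issue("alice"); // constructed sample account
        String value = header.substring("rememberme=".length(), header.indexOf(';'));
        System.out.println("first use: " + store.redeem(value));
        System.out.println("replay:    " + store.redeem(value));
        System.out.println("forged:    " + store.redeem("alice:guess"));
    }
}
```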
Compliant Solution (Session)
...