I know what SSL stands for.
As long as you are sending critical data in plaintext, there simply is no security.

I can imagine that its far easier to find a way to bypass that AG than to crack a GOOD encrypted pw.

There is actually an easy way to disable AG, but it seems to be resetted once in a while.

BtT:
Gateway don't work with my Android Tablet at all