[security] Password is shown in logs and submitted in plain-text

The documentation for the uploader also gives the example server URL with http, which is especially bad because that means the password can easily be intercepted. Luckily specifying https does work and makes it a bit more secure.

Nevertheless it would be better not to expose to password in the logs or any GET parameters (as this ends up in webserver logs, or proxies).

Thank you for the report. We will release a fix soon.