Sunday, July 14, 2013

Dark Age of Camelot : Credentials plain text

After the login screen, login.dll launches game.dll with ShellExecute, but look at how the command line handed to it is built:

    .text:0041D608    push    offset password
    .text:0041D60D    push    offset user_name
    .text:0041D612    jz      short loc_41D640
    .text:0041D614    movzx   ecx, byte_46254C[eax]
    .text:0041D61B    push    ecx
    .text:0041D61C    push    edx
    .text:0041D61D    lea     eax, unk_4624CC[eax]
    .text:0041D623    push    eax
    .text:0041D624    push    offset name_dll
    .text:0041D629    lea     ecx, [esp+3968h+CmdLine]
    .text:0041D630    push    offset aSSDDSS          ; "%s %s %d %d %s %s"
    .text:0041D635    push    ecx                     ; char *
    .text:0041D636    call    _sprintf
Yes, the login and password are passed on the command line in plain text ...
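To make the failure mode concrete, here is an added example (not code from the post, the game, or its launcher) that reproduces the two sides of the problem: a launcher that formats credentials into the child's argument string, exactly as the sprintf above does, beside one that hands them to the child over an inherited pipe instead. The child program, the user name and the password are constructed for the example; reading another process's command line is done through a Linux-style /proc, which is an assumption of the example (on Windows the same information is exposed to other processes by Task Manager, Process Explorer, WMI and process-creation auditing).

```python
import subprocess
import sys

# Constructed stand-in for game.dll: a tiny child that reads one line from stdin
# (its credentials, or an empty line when they arrived via argv), signals that it
# has started, then stays alive until the parent closes the pipe.
CHILD_PROGRAM = r"""
import sys
creds = sys.stdin.readline().rstrip('\n')
print('ready', len(creds), flush=True)
sys.stdin.read()
"""


def cmdline_of(pid: int) -> str:
    """Read another process's command line the way any local user can on Linux.

    Assumes a Linux-style /proc (example assumption); NUL separators between
    arguments are replaced with spaces for readability.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().replace(b"\0", b" ").decode(errors="replace")


def _spawn_and_inspect(argv, stdin_line, password):
    """Start the child, hand it stdin_line, and report whether the password is
    visible in its command line while it is running."""
    proc = subprocess.Popen(
        argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True
    )
    proc.stdin.write(stdin_line + "\n")
    proc.stdin.flush()
    ready = proc.stdout.readline().split()  # e.g. ['ready', '27']
    if not ready or ready[0] != "ready":
        raise RuntimeError("child did not start as expected")
    # The child has exec'd and is blocked on stdin, so its command line is the
    # one we built, not a pre-exec copy of the parent's.
    leaked = password in cmdline_of(proc.pid)
    proc.stdin.close()  # EOF lets the child exit
    proc.stdout.close()
    proc.wait(timeout=10)
    return {"leaked": leaked, "child_got_bytes": int(ready[1])}


def launch_insecure(user: str, password: str) -> dict:
    """The pattern from the disassembly: credentials formatted into argv."""
    argv = [sys.executable, "-c", CHILD_PROGRAM, user, password]
    return _spawn_and_inspect(argv, "", password)


def launch_secure(user: str, password: str) -> dict:
    """Same child, but the credentials travel over a pipe only the child inherits."""
    argv = [sys.executable, "-c", CHILD_PROGRAM]
    return _spawn_and_inspect(argv, f"{user}:{password}", password)


if __name__ == "__main__":
    # Constructed sample credentials for the demonstration.
    user, password = "player1", "hunter2-constructed"
    print("argv  :", launch_insecure(user, password))  # leaked: True
    print("stdin :", launch_secure(user, password))  # leaked: False
```

Running it shows the difference a process monitor would see: with the argv launcher the password string is present in the child's command line for its whole lifetime, while with the pipe launcher the child still receives the full credential string (27 bytes here) but nothing secret appears in the command line. Other ways to achieve the same, depending on platform, include an inherited anonymous pipe or shared-memory section; environment variables are not a fix, since they are readable by the same tools on most systems.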