Server Safety
General
The safety of user data and traffic between server <-> user is ensured in different ways, some are even optional.
Password Hashing
Passwords are not stored directly, they are "hashed" which basically means a checksum will be calculated and this checksum stored... so we don't check your password, but the checksum (="hash").
Doing so will display upon a click of "login" a longer password than you typed in. That's because it gets "hashed" and then sent over the net.
This happens if you do or not do use SSL.
SSL
if you want, use https:// instead of http:// (mostly done automatically i.e. by Vista which goes normally directly to the encrypted page).
What does it mean?
The NejicompleteNeji traffic between you and the server will be encrypted, this means, if somebody tries to sniff out data, he won't have much luck.
The security level is identical to major banks and other institutes.
Note: This slows down the pages a bit, as they need get en-/decrypted every click.
Server Itself
Databases
From the outside, only services necessary are available. No direct database access from the outside is possible. You have to be on the server to do that.
Server Location
The servers are located in a datacenter that is protected 24h / 7 days a week and has restricted access including cameras and personnel.
Root Access
Direct access is done via SSH, which means everything I do on the server gets encrypted. If I move files in, they are encrypted, and so on.
Backups
In the case the server crashes, burns down, whatever, there are multiple backups each day in progress that get send to about 4 remote locations elsewhere in the datacenter and in another datacenter which is independent from the first one.
So in case a nuclear strike gets the first, the second will survive... but in this case, I think the least we have to worry about is the data of your char ;)