Potential password disclosure via MySQL query
Currently, sec_check.php passes the password, in the clear, to the MySQL database for verification. While the password in the DB is hashed, it is possible for the clear password to be captures in a log. Passwords should be encrypted prior to sending them to the database for verification.