Security of a login system depends on trust of the individual developing the software. The per-request check (for want of a better name!). This is the same as .