But major's point is that when he clicks a link to log into a group, the URL won't equal login.yahoo.com. It will equal http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us. Yes, it will contain login.yahoo.com, but we talked about auto-submit only working with equals for security.
The more I think about this, the less I like the idea that I HAVE to use "When URL Equals" in order to use Auto-submit. I understand that the reason for this is to protect against submitting a password to a spoofed site. And for many people this may be a good thing - but - it is not a one size fits all situation.
For instance, I would use the auto-submit for all of my low-risk sites - those sites, were if my username/password was compromised, would not threaten my financial informtaion or enable my identity to be stolen. These are sites like: newsvine, yahoo, gmail, any forums or support sites, etc. For example, there really is no risk if my password and username to the PMW forum was compromised.
Also, my 'home page' is actually an HTML page on my hard disk that contains all the links to my regular sites. The only way I go to secure sites is through a link on my 'home page'. This is another level against url spoofing.
All in all, it sounds like you (the universal you, not just Eric) are trying to protect me from me - and in doing this you are making it harder for me to use the software in the way I would like to use it - doesn't this sound an awfully lot like Microsoft's attitude.
So my suggestion is to implement Auto-Submit so it defaults to "When URL Equals" but allow me to change it to "when URL contains" - please.
(I hope that doesn't sound angry - it's not <g> - it's just really hard these days to feel like I'm in charge of my own computer!)