This is going to seem a bit harsh, but I stumbled across something worth sharing. Over at time.com, they were running a poll on the front page asking users to pick which team will win the Super Bowl. The poll is created by a company called Second Thought, Inc. Two things about the poll are worth criticizing.
First, the poll results page is a near-complete ripoff of ESPN.com’s polls, but uglier. Really. You can’t see this now, because they’re down (more on that in a sec), but it’s a stunning lack of creativity.
More importantly, though, while checking out the company I found their admin URL scheme. And the best part was that when you go to the admin pages, you can simply bypass the login scheme by clicking “Cancel” on the login prompt. That’s pretty much the height of incompetence. I didn’t try it, but I read that folks have changed the text on the polls without any problem. On Time.com, by the way. Imagine if someone had gotten in with malicious intent on one of the political poll questions? Push polling via Time.com, anyone?
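The post doesn’t say how the “Cancel” bypass worked, so here is an added illustration (my own code, not Second Thought’s) of the most common way this happens: the server sends the HTTP Basic challenge but puts the protected page in the 401 body, so when the user dismisses the browser’s login dialog the body simply renders. The broken handler sits beside a fixed one, plus the audit check I’d want a contractor’s admin pages run through. The credentials and HTML are constructed sample values.

```python
import base64
import hmac

# Constructed demo values; a real app would check a stored password hash.
ADMIN_USER = "admin"
ADMIN_PASS = "correct horse battery staple"
ADMIN_HTML = "<h1>Poll admin</h1><form>edit poll text...</form>"
CHALLENGE = {"WWW-Authenticate": 'Basic realm="poll-admin"'}


def basic_header(user, password):
    """Build the Authorization header a browser sends after the login dialog."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token}


def credentials_ok(headers):
    """Parse an HTTP Basic Authorization header; compare in constant time."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
        user, _, password = decoded.partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return hmac.compare_digest(user.encode(), ADMIN_USER.encode()) and \
        hmac.compare_digest(password.encode(), ADMIN_PASS.encode())


def vulnerable_admin(headers):
    """Broken pattern: the 401 challenge goes out, but so does the admin page.
    The browser shows the login dialog; pressing Cancel just renders this body."""
    if credentials_ok(headers):
        return 200, {}, ADMIN_HTML
    return 401, CHALLENGE, ADMIN_HTML


def hardened_admin(headers):
    """Fixed pattern: nothing from the protected page leaves the server
    until the credentials have actually been verified."""
    if credentials_ok(headers):
        return 200, {}, ADMIN_HTML
    return 401, CHALLENGE, "Authentication required."


def leaks_without_credentials(handler):
    """Audit check: simulate 'Cancel' (no Authorization header at all) and a
    wrong password, and report whether any protected content comes back."""
    probes = [{}, basic_header("admin", "wrong")]
    return any("Poll admin" in handler(h)[2] for h in probes)
```

The same check translates directly to a curl request without credentials against a real admin URL: the status code matters less than whether the body contains anything you would not hand to an anonymous visitor.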
Don’t worry, I emailed them because even a ripoff shouldn’t get hacked by someone. It looks like they’ve taken the app down so I feel OK posting this. They list ESPN as a client so I’ll probably be in touch with folks over there to take a hard look at whatever work these guys have done for them.
If you have these guys do work for you, have someone competent on your staff audit the security. This is good advice any time you use outside contractors, even if they’re hosting the app on their own servers, just to protect your brand.