The tutorials in the wiki like
do not warn that they make one send passwords unencrypted. Please use ('https', 'en.wikipedia.org') as an example to avoid this. Also it would be better if mwclient would use https by default and require the user to use http explicitly. Btw. does mwclient verify the servers certificate?