ensures that the html form attribute is set to POST if for some very strange reason someone visited that html page and tries to submit it with a real password

src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html

@@ -1,4 +1,4 @@
-<form name="loginForm" ng-submit="loginSubmit(login, password)" ng-controller="Umbraco.Dialogs.LoginController">
+<form method="POST" name="loginForm" ng-submit="loginSubmit(login, password)" ng-controller="Umbraco.Dialogs.LoginController">
     <div id="login" class="umb-modalcolumn" ng-class="{'show-validation': loginForm.$invalid}">
 
         <div class="form">