Wouldn't people just offer everything for "sale" at say $1 million? Then you would be "stealing" because you are depriving them of the million dollars you could have paid. Feel free to replace 1 million with "a number sufficiently large as to discourage sale, but low enough to evade any arbitrary cap or 'sanity test' that may be introduced in a misguided attempt to thwart this approach".

Unlikely. Honestly, I really think YouTube's google's ace. Do you really think if they switched formats the result wouldn't be something similar to "Hello IE or Safari user, click here to do automatically install this WebM plugin to continue using YouTube" that 95% of all users wouldn't just do it the first time they saw it. As long as the switch was painless, and they left a (harder to find) back door link to watch videos in H.264 for a little while for the sake of those who have problems with the plugin, it would probably go off without a hitch.

What makes you think it's impossible for a battery to charge at 60 times the rate it discharges? It's already designed to discharge at 30KW. Most batteries are an array of cells all of which would be charging in parallel so heat may not be an issue, especially if this one has a large number of cells (as previous electric cars have).

As for getting 1.8 Mega watts (DC) from your home grid, others have already mentioned the likely need for a charging station composed of other batteries or capacitors being topped off slowly.

Also, not all methods of moving charge are equal, think about this. If it takes me 1 second to swap out a car battery containing about 1.8MJ (pretty low actually), I've just "charged" my car at a rate of 1.8 MW. No heating involved.

It's too bad the battery is likely too heavy to just swap (or cycle out whatever medium is carrying the charge) as that would be the obvious solution here.

I think you may not understand how a cryptographic hash works. In the scheme you are describing, the password is typically hashed on the client side (along with some value specified by the server which changes every time). When the server gets the hash, it hashes the password (as stored in the DB and possibly also hashed) along with the same value and compares the result. Regardless, what this plugin does is not steal passwords, but simply looks for authenticated credentials (usually cookies). See, once you authenticate, the server gives you a cookie (your session identifier) that you pass back with every request to prove you are who you say you are. Since the traffic is not encrypted, this can be intercepted by anyone on a network between you and the facebook servers. If you live on a college campus or work for an ISP, this could very well be many people. Even if Facebook is smart enough to tie this session to your IP, it's likely that someone in a correct network position to sniff your packets can also viably spoof your IP (both sending and receiving). This is effectively the same as them hijacking your account except the ability goes away when your session expires.