FA has SSL login- so your password is protected. As far as I know, it'd still be possible to hijack the session, especially on an open wifi network where you share an IP with the target, like that say at a hotel hosting your friendly local furry convention.
There might also be a possibility to wreak havoc via Flash- the script security settings on FA are not what they should be and theoretically one could interact with FA using Javascript embedded in Flash- accessing everything that a user viewing the submission could access.
I had a fairly elaborate idea of how this might work planned out in my head when I was bored at work- I have no idea if any of it is possible but with FA who knows.
Also, pretty sure that with Wireshark and Linux, you can access a lot more stuff, say, things on networks you're not signed on to but can still decrypt. For example, unencrypted networks with MAC access controls, WEP networks, or WPA-PSK networks with low password quality. I'd imagine all that extension does is kick your wireless card into promiscuous mode, which may or may not yield the desired results, especially on Windows. As far as I know, passive monitoring of the radio space around you requires driver support, something only Linux and maybe some BSDs have.
