I have a question regarding security and the base64_encode() function. Lets say that for some ungodly reason that someone hacks and gets access to my database. What would stop someone from taking the encrypted strings and manually putting them into a base64_decode() function on their own script and can figure out the string. This defeats the purpose of security doesnt it? Or am I misunderstanding this? Any help is greatly appreciated.