When using HTTP Digest Authentication, Safari warns "Your password will be sent in the clear" which is not a true statement.
This is problematic because it makes a login that is (more or less) secure seem very insecure to the user.
If you want a quick way to setup HTTP Digest Authentication, phpMyID uses it. Otherwise, Apache has mod_auth_digest which is also easy to setup.
This issue is not in WebKit, but the CFNetwork framework that WebKit uses for network communication. It was fixed in Mac OS X 10.5. Closing bug as INVALID to indicate that the bug is outside of WebKit.