Can you please explain the cartoon? Eve hacked into Bob's private messages because he cheated on her with someone named Alice? I don't understand how that connects to public key encryption or why it is funny?

Alice and Bob are the traditional protagonists of an encryption scenario. Eve is the traditional eavesdropper.

Could you elaborate on the difference between HTTP and HTTPS?

HTTPS is secure, using end-to-end encryption for the message body.

I think I understand the basics of encryption, but what does it mean to encrypt a session key with the server's public key?

Public key is really powerful, but it's also slow. So what happens in practice is to use public key at the beginning in order to exchange as session key, that is then used to encrypt the rest of the conversation (session).

Can you explain more about the angle brackets and &lt& tag? Not sure why it’s needed.

Consider how you would print a quotation mark in Python. Hmm. A string ends when you get to a quotation mark, so we need some "escape" sequence, like \"

Similarly, since HTML elements start with an angle bracket, it's hard to display one on the page. That's where < comes in.

Could you explain the XSS attack example where the text is

        <img src=""http://nasty.xxx/""> 
<script>window.location = 'http://nasty.xxx'</script> 
<em onmouseover=""window.location = 'http://nasty.xxx';""> 
    mouse over me!</em>

We'll do a demo today

Would you be able to provide an example of what an XSS attack would look like in code and how we should modify our own code to prevent these attacks?

Flask does this for us automatically. However, there are time when we need to bypass those automatic protections, so it's important to understand what it's protecting us from.

Where are the different places passwords/secure info can be stored, other than the source code that is pushed to GitHub?

Files that are on your laptop or on the server but that are not in the GIT repo. For example, ~/.my.cnf