You are having the users transmit passwords plaintext within TLS.

This is true, but this is how many sites—including—work.

The second is that makes me believe that you're storing unhashed passwords. 

Passwords are salted and hashed before being stored in the database.

Players! DO NOT USE A PASSWORD HERE THAT YOU USE ANYWHERE ELSE! This game handles passwords in a potentially unsecure manner.

Players, please follow this advice for every single website or game you ever touch regardless of their security practices; password managers like LastPass or KeePass will help facilitate this.

Finally, if anyone wants to avoid providing a password to Bot Land altogether, just use a guest account to play.