First off, I don't specifically understand what's going on here. Ping me if you'd like to get the link and do some forensics. Essentially, you go to the typical locked-down Apache site with lots of fake Paypal material. It asks you to click another link and then you get some sort of strange mini-browser that causes your main browser to auto-supply your email and password. I stopped the script before it could do any harm, but clearly they are piggy-backing on a real site here.
The header of the mini-browser appears above. Click it to see the full screen. I wouldn't normally post these but this one was so unique and I haven't had my coffee yet. I got so freaked that I went and changed my Paypal password. I changed it to 1234.
UPDATE - Slashdot picked up the trail as did Bachelor Ben. Thanks, faceless horde!