The XMPP account (so movim.eu) is decorelated from the mov.im pod we deployed as a public instance to show up the project.
You can connect on Movim (and mov.im, the official pod/instance) using any XMPP account. movim.eu is just one amongs all the others.
You have to differenciate Movim as a project that particular instance deployed as mov.im and the Movim XMPP server that we deployed from the project. I know it might be a bit confusing so if you have some ideas to clarify things up do not hesitate :)
I think this is the same problem matrix has: you end up entering your login details on foreign domains. There's really nothing stopping them from capturing that login via malicious javascript and using it for some malicious mitm, or just saving it to try on other services (you can't expect everyone to use a randomly-generated password). I don't see why you couldn't just enter 'server.com' (your xmpp server) and have an OIDC flow performed (the same complaint goes for matrix).
I have my own XMPP server ;-) and I understand the underlying problem here. I mostly wanted to point out that for a new person to quickly try out Movim this might be a stumbling block. As another comment suggested using something like OAuth to smooth this out might help.
- registration happens on https://api.movim.eu/register and firefox provides me a way to generate a password and save it linked to that domain.
- now I want to log in at https://mov.im/?login but firefox has no idea that it should use my api.movim.eu account for that.