Depends on what you call hacking.
If we run simple security penetration testing tools we get the following vulnerabilities:
- No HTTPS (this is critical since everyone between your device and the server can read your plain text password)
- Cross-site request forgery
If your friend is inside your network, then I'm pretty sure he can scan your network traffic (since it's not encrypted) and get easy access to your account or everything else on the page.
On the other hand, if it was that easy for someone outside your network, then probably we all had our web sites deleted before.