I didn't take a thorough look originally (I now wish I had as you've edited the markup), but all of your errors[1] were due to missing quotes on the type attributes on both your style and script elements.
HTML is an application of SGML and as such, possesses certain notation features. Because they were rarely used, and browsers have never really been proper SGML processing agents, these features are largely ignored but an SGML validator, like the one provided by the W3C still honour them.
The feature in question here is the SHORTTAG, and more specifically, NET tags. What this allows is a shorthand approach to including HTML elements. Instead of writing:
I <strong>really</strong> need your help.you could abbreviate it to:
I <strong/really/ need your help.Basically, you use slashes to delimit where the start tag and content ends, replacing the end tag with a single slash:
<tag attributes/content/Your style element, for example looks like this to the validator:
<style type="text">css>
/* ... */
</style>This is fine as HTML is concerned, but nonsense for CSS.
The script elements, however, prove more troublesome because of the slashes used in the comments. As the first slash in the style element doesn't occur until the closing tag, everything's reasonably fine, but it will close early for the script:
<script type="text">javascript></script>
/Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
/* ... */Notice the first comment is missing one of its two slashes.
The validator then encounters ampersands outside an element[2], so it complains that it doesn't understand them as entity references. It then finds a closing script tag, despite the fact that the NET tag earlier on already closed it, so it complains about that, too.
I'll understand if you didn't get that explanation. It's obscure, but I thought I'd at least prove that there is a reason for this behaviour. The important lesson is that unless you know when you can omit quotes around attribute values, never do so. Though browsers won't flip out as badly as the validator does, they will invariably have problems that you might not notice until someone tells you that feature X doesn't work in browser Y.
Note that John's fix with regard to the expressions wasn't necessary. That simply stopped the validator from considering them as entity references. However, if it parsed the script as you intended it do, the validator would have just considered them plain text anyway. It was coincidence, really.
One final note: this really didn't have anything to do with accessibility. It was a HTML question. :)
Mike
[1] With the possible exception of literal ampersands (&) in attributes. The only URL that might have originally contained them was off the right-hand edge of my screen, so I didn't see it until John mentioned it.
[2] Elements like script and style have their content marked as CDATA - a data type in SGML. Entity references like & aren't expanded, which is why literal ampersands (&) are acceptable. Note that entity references are expanded in attributes (even if they are CDATA) and in most other elements, too.