As http is not secure because traffic is unencrypted, would it not be wise to protect the members' exchanged data and implement https, which is the bare minimum for Internet security?
After all, there is a good chance that some of us use the same username and password for other sites than EF , and http does not guarantee one is "talking" to the true application serve .
https://www.eff.org/https-everywhere/deploying-https
Bookmarks