The login pages here are secure (httpS) but as noted, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.
The primary reason for not changing the rest of the site is that we have thousands of links in posts to offsite images and content that are not https. ALL those links would break. As the www updates it will be easier to make this change but for now we would rather retain that content then break it.
The reason is a little convoluted but here goes:
Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.
The forum software is built on an http platform but we hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.
So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.
You can read more about the google alerts here:
https://www.wired.com/story/google-c...-secure-label/