We may at some point switch our whole site over to HTTPS, but not yet. I think currently we set the login page to HTTPS but then redirect (without the password data) to a non-HTTPS page as the post-login target. That's more secure than it all being HTTP, as the password is sent encrypted in such a case.
To switch to fully HTTPS we would need to do more careful testing (and possibly development) to ensure that stuff like http:// images posted on the forum don't cause failures for pages to render in particular browsers.
(Click to enlarge)
#2352 - Compo.sr website: Insecure connection
To switch to fully HTTPS we would need to do more careful testing (and possibly development) to ensure that stuff like http:// images posted on the forum don't cause failures for pages to render in particular browsers.