The Online Community is NOT Secure

Firefox highlights the fact that the online community is insecure and information submitted (such as passwords) can be viewed.

I have contacted the web team asking for the site to be made secure.

Parents
  • It depends on what you view as "secure". Yes, the site is all http (clear text). Most sites are. An SSL cert costs money every year and puts a strain on the server having to encrypt all the traffic. There is a free SSL site (the name escapes me). It doesn't change the server load. This may mean that it's just not possible to serve enough people, and encrypt all the traffic with the current resources.

    Look at what it actually does. The only real issue that I see as requiring https is the login / registration. This is where your username and password fly across the internet. Outside of that, does it really matter if your posts or comments are in plain text? For some people it will. This is a public forum, so anything I post (like this reply) is public anyway, so what does it matter if someone is sitting watching the packets fly across the internet? It only matters when that information is sensitive. With https they can still see that data, they just can't read it.

    The other advantage of an SSL cert is that you can look in the address bar to see that it's definitely the right server, not a scammer's server. If you go with the free SSL option, that WILL show alerts in people's browsers that it's not independently verified. To get a proper verified one, it costs a lot of money every year (a problem for a charity). That warning in people's browsers would probably cause more hassles than the issues it'd solve. That's not even starting on whoever is doing the IT work having to deal with LOTS of browser / cert support issues.

Children
  • Gordon said:
    The only real issue that I see as requiring https is the login / registration. This is where your username and password fly across the internet.

    And, having logged in to reply to this thread just now, I noted that the login page is indeed using https.