In reply to dommc:
> Another issue with not using HTTPS is that the password you use to log in here travels unencrypted over the Internet, and should therefore be considered a compromised one. Not so good if the password is used on other websites as well.
If you use the same password across other sites, the chances are you've already been part of a data breach.
A good way to check is to have a look at Troy Hunt's excellent site:
https://haveibeenpwned.com