As it is, all traffic, including the login forms, appear to travel
unencrypted. Could you get SSL service enabled on this machine, and
encourage its use?
I will look into implementing this in the near future.
Thanks, https:// URLs appear to be working now! Would you consider making
it default, by redirecting the login form to it?
Should be default now.