So as it stands, anyone who who is able to intercept web-traffic (e.g. a cafe wifi for example) will be able to see users login and password in clear text.
There is no cost to adding a https certificate ([Only registered and activated users can see links. Click here to register]
), just the time needed to configure the server to use it.
It seems to me like some time worth investing. Perhaps others agree?
I would be happy to try to do it, but as a relatively anonymous alias on the internet, I doubt you will give me the keys to the server.