I was just going through updating passwords and such for sites that I use, and noticed for the first time that m4carbine.net does not allow https connections to the site.. this means that passwords, email addresses, and anything that anybody posts to the site are being sent plaintext between a user's device and the site.

There are many ways the lack of https could be exploited, but just one example: anybody who logs onto this forum on a public WiFi is essentially giving their login information and anything other information sent to/from the site to anybody who cares to listen to the WiFi signal. I'm nobody and I use a unique, randomly generated password for this site... but for LEOs/military folks who post here, or folks who use the same password for multiple websites, this could be very bad.

...this also means that site admins are logging in without https.

As a pro IT guy I strongly, strongly suggest m4carbine.net get itself an https certificate (or if it is a temporary configuration boo boo, fix it ASAP).