Re: Why does TF not enable secure logins?
Well the hack actually occurred through a 3rd party plugin that we use. The site itself was never compromised, but enough data was kept in that plugin to make the reset last June necessary.
The secure login warning that you get is referring to the fact the site doesn't use https, which is a different kind of protection, designed to stop someone who is trying to intercept what you are typing, as you type it (a MIM attack or "Man in the Middle"). Since everything you type here is going to a public forum, the site has zero eCommerce, and the functions that could cause real havoc (admin tools) have extra security on them, it's never been something that was felt entirely necessary for the site. It's not just a switch we could flip on, there are compatibility issues that would need to be ironed out.
However, it's been on the "wish list" for awhile, and now that browsers are following Google's lead and flagging sites that don't use https, it's been bumped up the priority list. It's going to be added here in the near future so we can keep our reputation as a safe site. I haven't been given an official ETA, but it should be in the next month or so.