The site is with very weak security overall: https://securityheaders.io/?q=http%3A%2F%2Fwww.thewildbeast.co.uk&followRedirects=on
How come security is a minor issue on a site with a login form?
we're not taking any personal details. All bug comments are publicly visible. https is better, of course, and that will happen at some point, but it is low priority - there's little to protect here.
BTW, there is a self-signed cert here on this domain.
I am sure you know much better than me that HTTPS is not for protecting "here" but what happens between "here" and "there" :)
*** This bug has been marked as a duplicate of bug 3323 ***