I've enjoyed reading hundreds of posts here in recent months. Now with the bitcoin security mess I realize I have important contributions to make, so I registered to post.
To start off right I registered with a long, complex password with all 4 character groups (lowercase, uppercase, numbers, symbols), which will be unique for this site.
Then I logged in ... under plaintext http: .
It's time to for all bitcoin-related sites to lock down their username/password registrations, logins, and password change pages, because we have seen more than anything else in my recent memory how aggressively people will collect user credentials on one site (MtGox) to try using them on other sites (MyBitcoin/Gmail/Tradehill/etc.) when money gathering is a motivating factor.
It's also time for anyone who registered here ages ago to consider whether they've reused their passwords elsewhere.
(There's probably no clear need for all pages on non-financial sites like this one to be run under SSL while logged in, since the overhead could be an issue. But at least logins!)