As this site does revolve a lot around trust (even more than normal FOSS projects), I think it would be good if it:
- Used a real, non self-signed certificate. These can be very inexpensive these days.
- Defaulted to HTTPS. When entering through http://, automatically redirect to https://.
- Used secure (https-only) cookies. So if you accidentally type http://, your cookies won't go over the clear and your session can be hijacked.
Hey, Bitcoin is a cryptocurrency, we need to show we have the right stance on security/privacy and don't see it as a low-priority issue.
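
An added example, not part of the original post: a small checker for the redirect and Secure-cookie items above, run over captured response headers. The function names, the sample responses and the host `example.org` are constructed for illustration; the certificate item is not covered.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def cookie_attrs(set_cookie):
    """Return (cookie name, lower-cased attribute names) for one Set-Cookie value."""
    first, *rest = set_cookie.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest}
    return name, attrs

def audit(scheme, status, headers):
    """Check one response against the redirect and cookie requests.

    scheme  -- "http" or "https", the scheme the request was sent over
    headers -- list of (name, value) pairs, matched case-insensitively
    Returns a list of findings; an empty list means the response passes.
    """
    def get(wanted):
        return [v for k, v in headers if k.lower() == wanted]

    findings = []
    cookies = [cookie_attrs(v) for v in get("set-cookie")]
    if scheme == "http":
        # A plaintext request should only ever get a redirect to https://.
        location = (get("location") or [""])[0]
        if status not in REDIRECTS or urlsplit(location).scheme != "https":
            findings.append("http request not redirected to https")
        # Any cookie issued here has already crossed the wire in the clear.
        for name, _ in cookies:
            findings.append(f"cookie {name} set over plaintext http")
    else:
        # Without Secure, the browser also sends the cookie on http:// requests.
        for name, attrs in cookies:
            if "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure")
    return findings

# Constructed sample responses as (status, headers).
BAD_HTTP = (200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
GOOD_HTTP = (301, [("Location", "https://example.org/")])
BAD_HTTPS = (200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
GOOD_HTTPS = (200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure")])

if __name__ == "__main__":
    for label, scheme, resp in [("bad http", "http", BAD_HTTP), ("good http", "http", GOOD_HTTP),
                                ("bad https", "https", BAD_HTTPS), ("good https", "https", GOOD_HTTPS)]:
        print(label, audit(scheme, *resp) or "ok")
```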