So I was trying to log on and realized that none of the log on forms use https, they all use http.
That means that your passwords are being transported in the clear across the internet and people can sniff them at multiple points.
This is an issue if you are in the habit of using the same password on multiple sites.
Of course, I could be wrong but I had to get a new password sent to me and during the whole logon and password change there appeared to be no use of https. I will investigate firther.