Looking at user's concerns in "passwords" and "Identity Theft and Phishing" threads, I'd strongly recommend SF to introduce HTTPS. If there is any doubt on if it's necessary then I'd be happy to talk it in private messages.