Comment by jMyles

5 hours ago

If this is true, it seems like a much more serious vulnerability than I was expecting when I clicked the link.

And it's obviously an oversight; there is no reason to intentionally opt for http over https in this situation.