It would be trivially easy and relatively cost free to put security certificates here and get https working. I've set up both vBulletin sites and the better XenForo to do so. You don't even have to buy the certificates anymore. There's a open "Let's Encrypt" source for them now. I've offered assistance to the forum folk here before, without even an acknowledgement.

Yeah, the value of EAA is small potatoes secruity wise, but other people running vB have been severely hacked by bots, so it's just a matter of time if the administrators bury their heads in the sand and do nothing. It's particularlly problematic if people use (they really should not) the same passwords and user names on multiple sites. The "junk" user id and password I use on such inconsequential sites now shows up compromised by Googles security checks. Of course, I need to be careful because some of the forum sites I administer deal with REAL MONEY (they're tied into a several different payment processors).