That only secures the transport, not necessarily the source. Especially without a checksum or digital sig to verify the source, it's a little weird of an oversight for a company like 21.
How would that checksum or digital signature be distributed?
HTTPS checks for authenticity of source (it uses digital signatures). Now, I guess there could be a rogue CA which creates another certificate for 21.co, but excluding that it's fine.
HTTPS checks for authenticity of source (it uses digital signatures). Now, I guess there could be a rogue CA which creates another certificate for 21.co, but excluding that it's fine.