[dasrecht]

Whats the point? Sensitive Information like the login page is secured by https (which is a great thing) but why encript the data you don't need to have encripted?

It's (for me) pretty simple. they force the users to use http because the amount of cpu time which is spent for http user is lower than the time for https...

just my two cents

[mentat]

Reading about Firesheep you'd find out that the session cookie is passed in the clear and acquiring that allows you to steal someone's session. This is easy on WiFi. That's why it matters.

[dasrecht]

Eew... i'm sorry. i didn't realized this point... you're right sir! this behaviour isn't good...