[sethhochberg]

I'm familiar with a few sites which used to be this way with the login form directly on the homepage, and removed those fields during the internet's transition period from HTTP to HTTPS for all pages. Browsers started flagging pages which included password fields as insecure, even if the form containing them submitted via HTTPS (which was arguably a fair assessment). The solution for many sites at the time was simply to move all login to a distinct page which was served over HTTPS, and leave all other pages as HTTP. Back in that day the opinion of many site operators was that HTTPS was going to tank advertising revenue, so they avoided it whenever possible until the browser vendors forced their hands.

In many cases the homepage login forms took years to come back, after we got to a point where virtually every site was all-HTTPS on all pages. In some cases they never did.