Is there anything preventing page alteration on unencrypted connections? There's certainly an incentive to do so.