[ambirex]

It really shouldn't be a major issue to fix, I've encountered this before.

Since they are using S3 (guessing by the second to last comment - http://support.droplr.com/discussions/suggestions/153-https#...) they can use amazon's SSL url

so: http://files.droplr.com/files_production/acc_1927/xkcd?AWSAc....

would become: https://s3.amazonaws.com/files.droplr.com/files_production/a...

The only reason not to would be to hide the fact they are using S3, but the AWSAccessKeyId tips their hand anyways.

[natrius]

The combination of the wrongness expressed in that thread and how easy it is to fix made it excruciating to read. I'm embarrassed for them. You can't say on your homepage, "Everything you share is stored secure and safe in the cloud" then say that security isn't a high priority.