[PLejeck]

I'm suggesting that site operators need to use HTTPS. It doesn't matter if you use Rails, PHP, Node.js, whatever. USE HTTPS. NEVER USE HTTP.

It's as simple as that. Never assume that anything transmitted over HTTP is safe, because that assumption will come back to bite you.

[thibaut_barrere]

Exactly - use force_ssl true in the case of Rails.

[rmrfrmrf]

do you ever get a headache from sitting in this echo chamber all day?

[thibaut_barrere]

I'm not sure to understand (I see that you're likely using irony, but I'm not a native english speaker).

Are you suggesting not using SSL?

If not, can you clarify your point?

Thanks.