This link works on HTTP, which makes it vulnerable to Man in the middle attack. Scenario: I can make it the home page on a local network in a public place, and I can see all the packets sent and received, like comments sent to a moderator before being posted.
We have many many hundreds of sites that are available over HTTP. It's something we intend to fix, but it's going to be a long process. Thanks for bringing it to our attention however!