The title says it all. Why is the website not https? I am sending my password when I log in; it feels like bad practice?
You’ll have to ask Edward. I don’t host this site, just the old forums.
Probably because until somewhat recently that could be a potentially annoying and pricey setup, especially for a wildcard cert. Now days you can look into Let’s Encrypt and similar free SSL certs. Google is also now considering non-ssl to be a hit against your page ranking so Oskar is right it’s a good idea to get setup.
In the meantime it’s always good practice to use a unique password for every website you access, I personally use a password manager, any of the major offerings will do well.