Currently, any user that creates an account on this site, logs in or interacts with the site, forum, records, etc. is doing so "in the clear".
I'm an avid fan of cyber security and have followed Steve Gibson, a security researcher, for at least 7 years:
There's absolutely no reason not to use HTTPS.
Don't take it from me though, here's google's opinion:
I use randomly generated passwords that are unique per site, however, if anyone else doesn't they're essentially writing their password on a display board.