I would suggest moving the Login and Profile/Settings to be HTTPS enabled to avoid passing credentials and other private information in plain text. This can be accomplished with minimal effort and if the site administrator reads this, they can contact me privately. I'd be happy to assist.

Thanks!