User blog comment:TimmyQuivy/HTTPS Next Steps: URL Changes for International Wikis/@comment-35982440-20180722042133/@comment-27345308-20180722104842

You do realize the login endpoint was served over HTTPS long before they started migrating all other pages to HTTPS so your username and password couldn't have been stolen?