User blog comment:Rappy 4187/Technical Update: March 8, 2017/@comment-11733175-20170308232857/@comment-3474542-20170309134344

 Cqm stated: It's worth pointing out that while Helios might be considered secure, pretty much anyone using a bot sends their password over simple HTTP because that's all the API supports. Storing the password more securely is good and provides protection if the database is compromised for any reason. Not using HTTPS to log in allows for man-in-the-middle attacks which can simply steal your unencrypted, plain text password and all the hashing in the world won't save you.  THIS! So much THIS! It doesn't matter how securely you store the passwords, if you're sending them insecurely via HTTP, it's a huge security issue. Please, please, please! Migrate all of Wikia to properly configured HTTPS (preferably using at least TLS 1.2 or better).