User blog comment:DaNASCAT/FANDOM Increasing HTTPS Support To Improve Security/@comment-33345763-20171028105507/@comment-27345308-20171028155842

When you log in, you provide a username and password and the server returns you an access token cookie you send back to it every time you view a page (so you don't have to send your username and password every time). Logging in is encrypted currently, so nobody between you and Wikia can steal your password, but somebody can steal your access token cookie because most pages you view are not going through an encrypted connection, and then they can do actions on Wikia through your account without knowing your password. At least as far as I'm aware.