User blog comment:TimmyQuivy/HTTPS Next Steps: URL Changes for International Wikis/@comment-35982440-20180722042133/@comment-31955138-20180723162232

@KockaAdmiralac it was a start but sending other pages to logged in users over HTTPS but still left people open to Cookie Stealing.

Note: In the computerphile example the flaw is with comment sanitization. The problem that you could run into with Wikia is that the site was sent over an insecure connection and could have parts added to it. I suspect this is why HTTPS is being rolled out to logged-in users first.

Disclaimer: I may be wrong and there may be something in the authentication system to prevent it.