I'm rather confused by when the message boards uses a secure HTTP connection and when it doesn't. For example, the top level page of the messageboards (https://secure.paizo.com/paizo/messageboards) is secured, but the level one down from it (http://paizo.com/paizo/messageboards/paizo) isn't. Making new posts is, and quick-reply posts to a secure URL, but viewing threads is still regular HTTP.
Can we get an all-https version? Are there technical reasons we can't?
Generally we switch to encryption when a user is passing potentially sensitive information (credential, etc). But like many general rules, there are some exceptions :). Switching to always using https is a potential solution, but the encryption/decryption adds processing time on both ends, so there is a potential for some reduction in efficiency.
Long story short, it's something we're looking at, but we're still weighing the pros/cons.
Generally we switch to encryption when a user is passing potentially sensitive information (credential, etc). But like many general rules, there are some exceptions :). Switching to always using https is a potential solution, but the encryption/decryption adds processing time on both ends, so there is a potential for some reduction in efficiency.
Long story short, it's something we're looking at, but we're still weighing the pros/cons.
Just to let you know - and I don't know this is necessarily useful - but Google has started weighting search results based on if the content is available over SSL.
SSL processing overhead in modern server hardware is miniscule. That's no longer a good reason to not do it.