Unencrypted logins pose security risk for all accounts. HTTPS should be enabled for all pages that allow logins.