The forum login form and POST location are not SSL secured. This should be updated asap, you are risking customer information being leaked over http