Why is this forum insecure (e.g. not https)?

Even if the forum itself uses plain http, surely anywhere a password is set (registration & password change pages) should use https?