It looks as if logins are sent over HTTP and there is no HTTPS support. It is possible the form submission is going over HTTPS but I’m not sure without digging in further.
I would like to suggest if it is going over HTTP that HTTPS be implemented for the account information.