UPDATE: HTTPS/SSL is supported now for improved security.
How is it secure when the miner is still using insecure HTTP to send the user and password?
You can only change any settings with the account password, which really should be different from your worker password (which is only used for accessing the API, getting work and submitting shares, so nothing bad can come of others knowing it).