Board: New forum software
Re: beta.bitcointalk.org TLS misconfiguration
by Wangbus on 06/12/2017, 00:54:37 UTC
Absolutely right. I will give an update on the next deployment update.

Thanks for pointing this out. We will have this fixed in the near future.

Thanks for your attention to security!  I will look forward to checking out the beta site.

Is this reported at all in other browsers, or are Bitcoin users (who should know better) clicking through browser warnings as they never, never, ever should?  I’m guessing that at least all Firefox users get the same warning.  I guess also I could fiddle with s_client and figure out what the problem actually is...

As for epochtalk.org, this is actually static content so there is no need for SSL at the moment.

Hey, it’s a cypherpunk thing!  (grin)  Encrypt the whole Internet.  A free certificate from letsencrypt.org, a few minutes twiddling the webserver, use public-key crypto to control your personal fortune...  It all fits together, no matter whether a site is static or not.  N.b. that injected JavaScript can harm users, even on static sites.  In the wild:  NSA does it, some ISPs do it, and skiddies with Firesheep on the wifi do it, too.  TLS is needed on every site.