Post
Topic
Board Trading Discussion
Re: Question!
by
makomk
on 23/07/2011, 10:49:27 UTC
Fixed. :)
Nope, fitty had it right the first time. The login is over https and this stops anyone sniffing your password (so long as you check it is actually https and not http before you enter it), but viewing topics and posting is done over unencrypted http. This means that the cookie used to authenticate you after you've logged in is also sent unencrypted over http and anyone who's sniffing your traffic can clone your cookie and gain access to your account.

This is exactly what the infamous Firesheep extension for Firefox allows an attacker to do; a lot of sites have this issue.