What about HTTPS / SSL?
Are you expecting customers to log in openly via HTTP? And you expect your customers' funds will not be stolen and then you won't get negative attention after that?
I mean, it hasn't happened yet only because of your volume, but eventually it will happen unless you enable a secure connection to your website.
And yes, I also warn customers: your coins can be stolen quite easily by almost any HTTP sniffer.