What about https / SSL?
Are you expecting customers to log in openly via HTTP? And you expect your customers funds will not be stolen and then you won't get negative attention after that?
I mean, it hasn't happen now only because of your volume but eventually it will happen unless you enable secure connection to your website.
And yes, I also warn customers: your coins can be stolen quite easily by almost any http sniffer.
Yes, we are aware of this danger. As i said, tomorrow we are migrating into new server with ssl on it.