In future if this bot will run as a commercial project we will do more efforts to improve the security and of course will add SSL. But now during the testing we don't have enough resources.
Although currently even if the site will be attacked we don't see what an attacker would steal valuable. In the register form we ask only user name and password for your cibitcoin.com account. Btc-e API keys does not allow to steal your funds. They are only to get btc-e trade information and to place orders.
Wow. As someone who does website design SSL implementation is easy and should be a priority for this type of site. If you don't have enough "resources" to do about 4 hours of work, then you're in trouble.
Secondly, what would an attacker steal that is valuable? Crikey. What world do you live in? First off, it would crush your "business". Secondly there are lazy users that reuse account names and passwords which could lead them to major theft on other sites, but then it appears you don't really care about their security anyway. Based on that I have to assume your database is probably not even hashed or secured properly.
Lastly if someone steals your API keys they could sell off everything you have in your account just to drive prices down for their own amusement and possibly profit.