Re: [ CWE-79 ] *.nastyfans.org is vulnerable to script injection
by nonnakip on 22/06/2020, 08:44:21 UTC
⭐ Merited by OgNasty (20)
I just want to bring attention to the fact that the websites https://nastyfans.org/ and https://analyzer.nastyfans.org/ are leaking security information and are vulnerable to script injection.

Leaking security information? Your plain text connection performs the leaking, not the server. If nastyfans members always go to nastyfans.org to sign in, then they will use TLS and the credentials will be secure.

I maintain nastyfans.org and have responsibility for the security on it.

analyzer.nastyfans.org is a different server and is maintained by naypalm. Users must always be careful of phishing attacks. This is not the first time his server has had vulnerabilities. Perhaps it is unwise to allow analyzer.nastyfans.org to point to naypalm's server. Users can be misled into thinking it is the nastyfans server.