They need to fix it, maybe purchase an SSL certificate, if they don't have yet. Because we are talking financial project here. Just my suggestion here.
and your suggestion was good for improving the security, they indeed need it. Strong project may also need strong security. Also because for financial, people should feel safe and comfortable when using the website.
I notice that this project hold a campaign, I think OP should update the link for the "bounty thread" button.