Somehow I don't like this statement: "We've implemented https so you don't have to."
Just because authentication itself is secured over SSL doesn't make the whole site secure enough. For some things, it might suffice, but it's not something you should publicly recommend IMHO.
Just because authentication itself is secured over SSL doesn't make the whole site secure enough. For some things, it might suffice, but it's not something you should publicly recommend IMHO.