Hi Spine team! Why do you only have your SSL certificate active on the Spine payment page, and on the Login/Register pages here on the forums? Just have it apply to every page! Then the browser won't do that red lock icon with the "this connection is insecure" message all the time.
My logged-in-as-user token gets sent in plain-text whenever I load a page here on the forum, which may as well be my password as far as phpbb3 is concerned. All the esotericsoftware.com https urls already get rewritten to http, so just reverse that and all is well. Probably worth doing!