This site has been operating without a SSL certificate for quite a while now. I've considered bringing it up before as it is a huge security issue, but I've now definitely been breached due to this. I received a fairly obvious blackmail template scam email in my primary email account. In that email, they identified a password I had been using (without saying where it was used). Thing is, I use a unique password on every site and service I utilize, so it's fairly easy to identify where the security breach came from. In this case, the exposed password listed in the email was from this site - it's the only place I use that particular password. Without an SSL certificate it's impossible to encrypt communication between a client machine and the site, so it means a bad actor can intercept information and easily access it due to it not being encrypted. For those using the same username/email address/password on multiple sites, this creates a huge risk of exposure/potential for account breaches. I'd strongly suggest getting a SSL certificate into place as soon as possible. There are free services around if paying for one is a problem (they can be expensive from some providers).