Hi, sorry it took a while to get back to you on this. I note that you haven't logged into the site since about half an hour after you posted your question, so you probably won't see this response, but hopefully it'll be helpful for other people wondering the same thing.
We've had a lot of trouble making infrastructural improvements like HTTPS because most of the physical hardware that ACC runs on is privately owned by the site's original founder,
jader201. We, the volunteer staff members, don't have direct access to it, so any changes to it are difficult to arrange - partly because Jader has moved on in his own life and is not really directly involved with ACC any more, and partly because the site itself runs on really antiquated technology that's difficult to work with.
(To be specific, for those of you with a technical bent, there is no version of IIS that is both old enough to run the ancient version of ASP we use and new enough to be able to interpret the modern security certificates issued by Let's Encrypt. So in order to set up full HTTPS, Jader would need to personally set up an on-premises reverse proxy and certificate renewal. He hasn't worked in the web sector for quite some time, so he's understandably not thrilled about needing to pursue that task.)
We're currently making steps towards relaunching the site with newer technology and an interface that's easier to use, and in fact we've already successfully moved some parts over to the new ACC, which is hosted with
Heroku. You'll notice, for example, that the login pages are currently hosted there, and are only accessible through HTTPS. Although it's not visible to end-users, everything associated with payment processing for donations to the site's upkeep also goes through the same servers. I don't have anything new to announce right now, but you can be assured we're working flat-out to get the relaunch ready as soon as possible.
(Final note: This sticky thread is for discussion about ACC's privacy policy and data protection practices, so a conversation about security is kinda off-topic. If anyone has further questions about HTTPS - or indeed anything else related to the ACC 2 project - I'm happy to continue answering, but I advise asking them in a new thread on the
Site Suggestions or
Site Support board, as appropriate.)