It's 2018 and this site still stores clear text passwords (truncated to 8 characters, apparently), sends those passwords via clear text email, and uses clear text HTTP by default.

There has already been a breach, almost a decade ago, where passwords got stolen (including mine), and TLS certificates have been free through Let's Encrypt for 2 years now. I find the continued use of clear text HTTP and passwords very irresponsible and wonder what's keeping the dear admins from implementing modern security measures.