My domain host says that security is very important to them (unless it involves sending your password for the mailing list across the internet):
As much as I would like to tell you the opposite the mailing list interface is handled by Mailman, which is a legacy application running on a separate service. Due to how that server is configured, SSL cannot be enabled on that interface, so it is expected to load over HTTP.
A quick web search was able to show me that there is a manual for Securing Mailman’s web GUI by using Secure HTTP/SSL (HTTPS) and when I pointed this out the agent and asked what the plans were for upgrading, they said:
As much as I would like to tell you the opposite, there are no plans into enabling the usage of https for the mailing list servers. I’m going to document your feedback and escalate this to our internal team, as concerns like this help prioritize security and usability improvements. In the meantime, accessing it via a different browser or Safari Private Mode is the current workaround.
At least the support team was honest.
