All login pages should use HTTPS

Discussion in 'Suggestions and Feedback' started by zhanzhenzhen, Feb 22, 2010.

  1. Your SmartStats and forum login page do not use HTTPS by default. I think they should use HTTPS to encrypt the username and password.
    I also have a question: Your support staff told me that the SQL Server remote connection from Visual Studio cannot be encrypted. Only the connection from ASP.NET can be encrypted. But what's the point of supporting encryption only in local connections?
     
  2. mjp

    The odds of someone "sniffing" your forum user/pass somewhere between your home network and our server are so small --- that I can't even think of an analogy, it's so unlikely. ;) A more likely scenario would be a keylogger on your computer grabbing your user/pass, and an SSL connection would not prevent that.

    I see that you are posting from China though, so I understand why you might have some security concerns. The likelihood of your traffic being monitored is much greater than someone else's might be.

    But I don't imagine we will be forcing SSL on the forum. The login is on every page and viewing every page of the forum via https is unnecessary.
     
  3. For most people it's right. But for developers, the possibility of their computers getting infected by a virus is very small.

    Why is the login on every page? I think you can use https on the login page. You can use a Token instead of a username/password on other pages. So the other pages don't need to be encrypted.
     
  4. mjp

    It would be nice if that were true, but our experience would seem to indicate otherwise. Maybe less likely to be infected, I'll give you that, but it is certainly not uncommon.

    Anyway, the chances that anyone is sniffing your network packets are still very, very slim and getting slimmer every day.

    The forum login is not exactly sensitive information (stats maybe more so, but still not a critical login), so I guess I'm just not seeing this as a big problem. I understand where you're coming from, but I can't honestly tell you that we're ever going to consider putting every login everywhere behind SSL...

    For convenience? I don't know, we didn't write the forum software so I couldn't really answer that.
     
