I have a user on one of my forums, asking about security through logins. His complaint is that our website is not HTTPS; so the login form is potentially insecure as data is submitted in the clear. Now, putting the forum behind SSL is not an option. As we do a lot through Twitch/YouTube/etc, and not all those services support HTTPS. For instance, you can't reliably embed a Twitch stream on an HTTPS server, since they don't have methods to handle that and you get mixed-content errors. Is there a way to make the login form more secure?