Given that the protocol encrypts all client-server communications by SSL/TLS authentication, attackers can't intercept data, which means users can safely enter their own information. SSL/TLS is particularly suited to HTTP, as it can offer some security even if only one side from the conversation is authenticated. This can be the http://XXX