The risk of injection attacks using HTTP is too great to allow a site that allows both HTTP and HTTPS...
