Hacker News new | past | comments | ask | show | jobs | submit login

Only because having your stuff SSL'ed (not snoopable) is a binary state. And while you might have business reasons for not doing it, putting those above your user's safety is just plain negligent. In the same way that storing plaintext passwords and sending them around via email, or using SMS as a two factor authentication method is negligent.

So in a way, you're right. I'm not sure why that's a negative.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact