No it's not Windows, happens on Linux too.
It's just that recent versions both of Firefox and Chrome are more upfront about telling users about the risk that they are about to commit login credentials through an insecure channel, and the browsers now show that warning message for any and all login forms that aren't accessed by https.
Simply put if you transmit a login through plain http, that does mean the password could be picked up if someone's 'sniffing' into the connection, that's most likely to happen in situations where you're connecting through a public access point.
It's exacerbated by the fact that Xenforo transmits the password in plain text in the POST request to the server. See here ...
https://xenforo.com/community/threads/password-transmitted-in-plaintext-possible-solutions.47417/
Some other systems implement a bit of security there, for instance using a perishable keypair created for the login process.
With Xenforo, seeing this, I guess it's clear the only thing to do is implement HTTPS or continue as usual. (The idea about hashing discussed in the linked thread is nonsense)
There's an addon called LoginSecurity
https://xenforo.com/community/resources/loginsecurity.5286/, the one benefit it supplies is '
Users have the option of being emailed when they login with a new IP' i.e. if someone took over your account you would get one warning mail for the attacker's first login before they change your password and remove your email address from the account