It is worth noting that in a few decades the forum will look nothing at all like it does now anyway. And security is likely to be much better.
We're probably talking about two different things as I mean the service offered by Let's Encrypt which issues 90-day certificates that auto-renew with certbot. And of course, one has to ask where the money is coming from, Let's Encrypt is transparent on this, https://letsencrypt.org/sponsors/ but of course, there is over a timeline of decades the risk they might collapse. In the long run we're all dead. Without being anything of a webhoster I've been able to install and use this since 2017 and it's remained free, but obviously not applicable here, so I'll shut up about it.Yes, you can use the certificate for free for a year. But then you have to pay.
This conversation seems to be going on in two different threads.I came to notice this thread by this post, and I strongly agree with what malins said above. It's pretty much a concensus among IT engineers nowadays that you should secure you website with HTTPS, if it accepts sensitive information like login credentials from its users.
While it wouldn't magically protect the website from every hacking attempt, it at least does for more trivially easy but dangerous ones, like running a network sniffer on a public network so you can collect login data from anyone who connects to non-HTTPS websites from the same network.
As mentioned above, HTTPS used to cost money but not anymore nowadays. Also, it's a common practice to run a cron job (a scheduler of a kind) to automatically renew certificates from Let's Encrypt, so it wouldn't take much additional efforts from site admins once setup correctly.
I noticed the thread later but I'll just use the linked thread for continuing the discussion about the matter in future.This conversation seems to be going on in two different threads.
As I said in http://www.cruxforums.com/xf/threads/ralphuss-site-gimp-forum-hacked.7972/post-514187
it's not a matter over which we staff have any control, though we can draw the site-owner, Image Maker's, attention to the question. But he pays the bills and deals with the service provider, XenForo, and any such change would be for him and them to agree on and implement.