The site is not protected by TLS at all. Credentials and any other data will be sent in the plain over the Internet.
This is not acceptable in 2015.
This was reported to CSL in June 2014.
As of 14/11/2015, the site now uses TLS and is configured correctly. Why was this not done before? Why did it take exposing it on a blog to happen?