CSL Dualcom operate an installer shop which is used to order Dualcom units. This handles personal information, including a username and password.
The site is not protected by TLS at all. Credentials and any other data will be sent in the plain over the Internet.
This is not acceptable in 2015.
This was reported to CSL in June 2014.
Update
As of 14/11/2015, the site now uses TLS and is configured correctly. Why was this not done before? Why did it take exposing it on a blog to happen?