As far as I can see there is currently no support for encrypted communications with the Gameolith site.
Due to the commercial nature and personal data, I think it is absolutely vital to provide that in the near future.
Gameolith.com now has full SSL support. SSL is enforced at the checkout and when signing into the site.
Well, the "sign in" link does not enforce SSL... So please change that and the password reset (and change password from the user profile page) links to https. I'm not a specialist, but isn't there a way to actually disable non-SSL access for all pages under /accounts, so that accessing them with an http:// link is impossible?
Everything under /accounts on Gameolith.com enforces SSL usage, so password reset links will use SSL despite the fact that HTTP links are provided in e-mails. We'll be changing the e-mails soon to include SSL links.
I know this is marked as completed, but while it is possible to manually switch to SSL login by entering https:// in the URL, it is not enforced by default. After logging in, the navigation remains non-SSL (but that is not such a big issue, although I feel safer with sites permanently keeping me on an SSL connection like Gmail does).
Another thing is SSL when resetting the password. I just did that and got a normal non-SSL link.
Starting an online store without SSL is like... starting an online store without SSL.
Sorry, I couldn't think of anything else quite so irresponsible.
It really doesn't engender confidence in the site, when basic security is deemed a lower priority than "scaling". Especially at a stage when scaling REALLY shouldn't be an issue.