That’s actually a concern that became bigger as the site grew more than I expected it would and so has HTTPS already a place on the to do list.
The logins won’t be intercepted on host-side by the way. The site is optimally secure and I am notified of any changed file on the server. But like you say it’s a concern and for me it is in the planning to implement before the end of this year.
Thanks for your concern, and greetings,