HTTPS or HTTP over TLS (formerly SSL) is no longer an optional component when you build a Web site today: It’s a requirement. Encrypted connections hide traffic on the wire and make it much more difficult to hijack HTTP connections or steal valuable cookie information to reuse in playback attacks. TLS can also prevent a host of drive-by and man-in-the-middle attacks that are all too easy to instigate over non-secure connections in any public space. TLS keeps data secure while users are sending and receiving data, making it much harder to "listen in" on a connection on the Web. It’s not a panacea for all security issues, but it’s big fat low-hanging fruit to start with, and your site should proactively encourage this secure-by-default behavior.