One nitpick, they aren't necessarily storing the password as plain text on the back end too. But yeah the page should definitely be https.
Doesn't take much resources to have an https forum, should be mandatory.
It's a must to use a separate password, username, and e-mail for http registration and login.
