My bank (Score 1)

My bank, who I also happen to work for, has this problem still. You can login to their "Internet Banking" to look at your accounts from their main page (plain old HTTP). I did find that if you click on enough "Internet Banking" links from that page instead of logging in, you will eventually get to an HTTPS page where you can login to the same "Internet Banking" services. They should just only have a login link on their main non-SSL page to the HTTPS page but, then again, I'm not too surprised, being an employee of the company. Unfortunately, I work on the back end (mainframe) where security *is* tight as a drum. I couldn't possibly have any say or even make any suggestions to an area of the company like web development though. And you wouldn't believe the b.s. we go through at this company when it comes to change management *shudders*. Yeah, they make a big stink on that main non-SSL page about how your ID and password are protected with SSL "the second that you click Login" but would it be so hard to just replace that main page login with a link to the real SSL-enabled login page. Oh, and their login, of course, doesn't work with password management like Keychain or Firefox or anything since it's some chunk of JavaScript code. Just another annoyance.