I enabled HTTPS/SSL on CAAFlog more than two years ago, and haven’t heard any complaints (about that).
I plan to make that the default address on Monday morning. The site will still be accessible over an unsecured (HTTP) connection, but all internal links will default to HTTPS. The primary reason for the change is to simplify some things on my end (that I could probably figure out how to fix with code, but this is much easier).
Please let me know (by email to Zack@CAAFlog.com) if you have any issues accessing the site.