The login page should use SSL/TLS certs to encrypt data in transit between the browser and Old Reader's servers. HTTP version should redirect to SSL/TLS site. Ideally all of the traffic to the app would be encrypted, but a bare minimum should be the login page.