intertwingly

For all the reasons that Joseph Scott described, you really want to access WordPress AtomPub service documents using SSL/TLS.  Unfortunately, if you look closely at the current APE report, you will both see https and authentication warning.

The reason for this is that even if the service document itself is obtained using a secure connection, with WordPress 2.3, the document itself provides non SSL/TLS URIs for collections and category documents.  The net effect of this is that the important parts of the conversation are not secured — among other things, this means that your password is passed only lightly encoded.

Ticket 5298 and this patch addresses this problem.  Once that patch is committed to SVN, the warning will disappear from this page on the next hourly run.