HTTPS (SSL, TLS, secure connection) support

Is there a reason that TV Tropes doesn't support secure connections? Adding support for HTTPS, as seen on Wikipedia, would protect known tropers from getting their cookies firesheeped by an attacker.

HTTPS takes quite some CPU power. Since this site is CPU-bound anyway, I guess it would drive costs up for Eddie, so I'm not sure it's financially viable.

Everything I read, such as this page, claims that the CPU hit from encryption pales in comparison to the CPU hit from other things on a dynamic web site.

A lot of the overhead of SSL relates to creating new connections. So one way to minimize that is to reduce the number of connections that need created, and one way to do that is to improve caching. I've noticed that a lot of pageviews aren't cached properly; the back button often appears to trigger a reload. Improving cache hits might reduce the CPU time used for HTTP as well. So might other tips listed in this article by Chris Palmer.

The whole reason I brought this up is that I know someone who's considering becoming a known troper but is afraid of getting his credentials stolen. He tells me he uses Tor to minimize the number of unencrypted hops between the exit node and the destination server, but in another thread, I've read that you're planning to ban editing from Tor exits. Perhaps as a trial, the site could allow HTTPS only for known tropers and for the "get known" page. How much CPU time is spent on known pageviews compared to anonymous pageviews?

Tell that user to create a unique handle and password for TV Tropes. Problem solved. Honestly, unless he himself is in a high security risk occupation or is engaged in illegal or quasi-illegal activity, he is being far too paranoid about snooping. Nobody cares enough to snoop a TV Tropes account. It's a solution in search of a problem.

edited 29th Aug '12 6:29:50 AM by Fighteer

Unlocking briefly to note that this request should be discussed in this topic in case people come across this one.