When your browser requests an HTTP page, it is sent in "clear text" meaning that it is not encrypted and could be intercepted and read along the way. When your browser requests an HTTPS page, it first creates a secure connection with the server, and the browser and server agree on how to encrypt the communications between them. Assuming that everything is working correctly, the data sent to and from an HTTPS page cannot be read by anyone else. It is fairly common for websites to use HTTP until the point that you need to submit sensitive data, such as your login, at which point they switch to HTTPS. If you want to submit your login on an HTTPS page rather than trusting the site to do it right, you can enter an invalid login such as asdf for both the username and password. Usually the "try again" page will use HTTPS so then you can be sure the login is being sent through an encrypted connection. Now... the encryption only operates between your browser and the server. On the server end, the data is readable, and on your browser, the data is readable. Therefore, you still want to make sure you trust your add-ons and other software on your computer since they have access to the actual data you enter and receive back. Finally, it's a good idea to sign out of the site after you complete your transaction, and close the window you used to access it. This makes it less likely that someone else with access to your computer can poke around in your account.