Security concern Only. Every modern well-designed sites should redirect automatically HTTP traffic to HTTPS. HTTP is in clear, traffic accessible to every TAPer's. HTTPS is clearly more secure since: - the site is authenticated (you know you are _really_ contacting the site you want to contact). - connection are encrypted (Ok: more or less efficiently, but still...)

And this site asks for a user ID and password, in order to log in, using credentials which are supposed to be sent in clear across the wire !!!

FF is right: don't connect !

More generally, Firefox may change the address from HTTP to HTTPS if

• Cached redirect: Firefox cached a redirect from the server in the past -- you can test in a private window to bypass the cache from previous sessions, or clear Firefox's web cache (How to clear the Firefox cache)

• Pre-loaded HSTS: The server name is on a list of servers that Firefox should only connect to using HTTPS -- doesn't seem to be

• Cached HSTS: In the past while Firefox had an HTTPS connection to the server, it was instructed to always use HTTPS in the future (can be caused by alternate subdomains on the server) -- unlikely unless you are an administrator of the site

• Firefox's HTTPS Only mode: You turned on this new feature -- more info: HTTPS-Only Mode in Firefox

• Extensions: You run the HTTPS Everywhere extension or similar extensions that upgrade your connection when possible