More than eighteen months after being first brought to Cupertino's attention, Apple gets around to addressing insecure logins to the App Store (http://arstechnica.com/security/2013/03/after-leaving-users-exposed-apple-finally-https-protects-ios-app-store/). In theory, this could be used to view lists of installed apps and make unauthorized purchases."Yep, they were sending login information over plain http.