Dear Gw2Timer Team,
first: nice work!
but why it dont have an https protocol? there is an area for login and to store your api code. so it would be necessary to protect the user data or?
p.s. sorry if i wrote something wrong. my english isnt the best. hope you understand my issue.
The website runs on your computer. When you put in the API key, it is stored in your browser, not the website. Also, the API key is only sent to ArenaNet servers. I do not view or store your API key or any account information. I can only see what is on your browser address bar when you are on the website.
Because there is no https, other people may be able to spy on your API key when you use WiFi. The worst that can happen is people spying on your character's name, inventory contents, or traded items, which are all in-game information.
There is no password or personal information being sent because there is no login on the website. When I add user registration and passwords, then I will add https.