How simple would it be to
1. Allow/default to an HTTPS connection
2. Do whatever "verifying" the site's "identity" entails
? If either would be relatively trivial to do, I think it would be worth doing.