I have recently been provided access to the
community.joomla.org admin panel and was surprised to learn that not only is there no SSL, but there isn't on any of the websites.
I am raising this as I believe it should be something that is mandatory on all administration sections, and a nicety to provide on the frontend. A wildcard SSL certificate is
£79.99 P/A from 123-reg (I'm sure shopping around would discover cheaper/better options).
I've also been informed that hosting is powered by cpanel which means the setup of such a certificate is very simple, and then only needs to be setup to be used in the admin panels as optional on the frontend and mandatory on the admin.
I know this may not be a priority, but for how cheap a certificate is to cover the entire Joomla project and how simple and quick it is to setup the benefits hugely outweigh the cost in time/money.
If there is no budget to purchase the SSL certificate then we can quite easily use a self-signed certificate on all the administration areas which is free.