Actual behaviour:
The default connection is unencrypted. Tokens can be sniffed by malicious network attackers, patrons at Starbucks, the NSA, etc.
Expected behaviour:
The default connection is secure. Users are sending their authorization tokens unencrypted which is insecure by default. Please fix.
Actual behaviour: The default connection is unencrypted. Tokens can be sniffed by malicious network attackers, patrons at Starbucks, the NSA, etc.
Expected behaviour: The default connection is secure. Users are sending their authorization tokens unencrypted which is insecure by default. Please fix.