It is a serious risk. Don't do it! Use HTTPS 👍 If your infra is on AWS, Certificate Manager does it in a few clicks. Same with Netlify for static sites. For everything else, @letsencrypt or zerossl.com

Everything that the user's browser touches has to be HTTPS. This document talks about the details of several related attacks if you're interested tools.ietf.org/html/draft-ie…