It would be nice to allow the login info to be sent to an https url instead of a plain http url to wrap the login in SSL. I tried it manually and it worked just fine. Logging in via SSL and then redirecting the user back to the regular non-encrypted site works, so there would need to be an option to stay in SSL mode or drop back to unencrypted mode after login.
The admin module also needs a setting to require SSL for that module.
|Passed: 12810 passes, 0 fails, 0 exceptions|
|Failed: 12734 passes, 4 fails, 2 exceptions|
|Failed: 12722 passes, 4 fails, 2 exceptions|
|Passed: 12781 passes, 0 fails, 0 exceptions|
|Failed: Failed to apply patch.|