I've just noticed that Chrome was telling me the site was not secured. I took a little look and it simply appears that I was on the HTTP version instead of the HTTPS version.
It may be worth looking at either automatically redirecting to the secured version, or implementing some other relevant safety feature, particularly when you can log-in from any page.
Also when a username/password is incorrect, why is the text white on white? And yellow on white for the mouse-over? This has been the case since I started using the site and never thought to post a question to ask.