Not sure why you are being downvoted but this is exactly correct. We had, as an industry, been so focused on PCI during this time and TLS was and continues to be the most important aspect of the protective technology. SSL/TLS had already made e-commerce viable in the 90s and its power was well known and being applied for the decade following. Being in 2011 without full ssl for authenticated access was quite bad behavior indeed. Maybe excusable for some low rent bulletin board, but perhaps that is what the commenter was operating. I have no clue.