The latest EVE Online blog post by CCP Stillman discusses team efforts to keep user data safe and the underlying HTTP protocol used by the API feature. As a result of new and aggressive hacker attempts, the team is changing the protocol from HTTP to HTTPS to ensure that user data remains secure.
If you're anything like me, you religiously check the status of your character training and market orders on your smartphone. It's the greatest invention ever, especially if you can't log into EVE Online or EVE Gate. It's also nice to be able to pull out your smartphone at Fanfest and show off your nice skills and large wallet.
As we've added more information to the API, there's more incentive to try and acquire these keys by nefarious people. Due to the underlying use of HTTP when querying the API, it's possible to sniff the data stream of an API user and acquire their API key if they're using an unsecure Internet connection. This is not a good idea. And we don't want it to be that way. So we went ahead and enabled HTTPS on our API servers, which makes too much sense.
Read more here.