Note that it's possible for an unencrypted (http://) Web page to have a form such that when you submit it, the information you filled out in the form is sent encrypted (https://) so that it cannot be easily eavesdropped. I believe that's how logging into your MP account from the home page of www.united.com used to work. Although the change is slightly less convenient, it enhances the user comfort level, even if it strictly speaking doesn't actually increase the level of security. People who find an extra click all that annoying can bookmark the new login page rather than United's home page anyway....