I only have one site doing financial stuff and it has a security certificate; aka HTTP = no certificate and HTTPS = certificate.