I built a site where users log in to access a document library.
The data protected does not require a high degree of security so ssl was not used. They have a client complaining that their username and password are being transmitted in clear text and in return, complaining to me.
At what point do you consider ssl important? It doesn't seem realistic to need to require this when the data protected is not sensitive. What do you all think?