When a forum runs http (port 80), and not a secured connection with https (port 443), a warning page should be displayed prompting users to confirm that they wish to log in over an insecure connection. This page should be displayed for those that are registering and for people logging in. When a site does support https (port 443), there should be no prompt, warning, or confirmation displayed to anyone.
This is a security trend that is being adopted by Mozilla starting with Firefox 51.0, and by WordPress as shown here:
phpBB should take a proactive approach to this as well so that forum admins and site owners are encouraged to move their site towards https (SSL/TLS).