Cal-guns is not secure

  • #16
    Gavelek
    Senior Member
    • Dec 2012
    • 1275

    We are doooooooomed!

    Comment

    • #17
      ocabj
      Calguns Addict
      • Oct 2005
      • 7924

      There is nothing inherently wrong with the web going all https. I agree that it does give some folks a false sense of security, especially when people start ignoring certificate errors and just accept every notice they see just to get through without understanding the consequences.

      But HTTP over SSL has benefits other than encrypting your web session with a given web server, including mitigations for some injection attacks, particularly those involving ad networks.

      So yes, HTTPS isn't a foolproof method to secure the web, but that's not a reason to not encourage HTTPS. That's like saying locks on doors are worthless because people can break them, so why bother locking doors. Security, whether information or physical, is going to be a layered approach. You're not going to use just one single security method. You will use multiple security procedures with the hope that a failure of one method or procedure will not result in a catastrophic loss.

      Distinguished Rifleman #1924
      NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
      NRL22 Match Director at WEGC

      https://www.ocabj.net

      Comment

      • #18
        TriumphantApe
        Member
        • Aug 2016
        • 101

        HTTPS was for thwarting man-in-the-middle problems; those aren't the most prevalent form of "hacking".
        Generally it's a website you went to, or an "ad" on the website, or something you downloaded that gets you into trouble.

        If you need to surf sketchy web sites, use a virtual machine; they are not as hard to set up as some think.
        Keep a base image of the VM, routinely trash the one you're using every month or so, and replace it with the "clean" base VM.
        And turn off clipboard sharing and folder sharing on the VM.

        No matter what, I assume everything is tracked and recorded; also, there are a lot of LEO here, so anyone acting up probably goes on a list.

        If you're unclear on what might be problematic to post, just pretend you're sitting in court and the prosecutor is reading your post... are you uncomfortable?
        Then don't post it.

        Comment

        • #19
          iambic
          Member
          • Jun 2013
          • 380

          Originally posted by SkyHawk
          Fake news. Now what other great tech advice do you have for the boss?

          That info icon though.
          That screen grab image you posted shows an info icon (in the address bar, to the right of the home button) instead of the secure lock icon typically seen when logged in to a secure site. Have you clicked on it to see why it's doing that?

          Comment

          • #20
            divert_fuse
            Member
            • Jul 2018
            • 190

            Originally posted by Robotron2k84
            Passwords are at least hashed once before being sent over the internet from your browser.
            This is not necessarily true. In particular, on a site set up to use SSL, passwords are typically sent in the clear. I build web apps for a living, and this is generally how I do it. I haven't actually checked how the calguns server works, but it's possible that it takes passwords in the clear, given that it's set up to use SSL, except it has some weird redirect thing going on.

            Originally posted by bool1tholz
            Instead bookmark the HTTPS User CP url and use that:
            This does cause SSL/TLS to be used, but as soon as you navigate anywhere else, it drops down to http.

            Comment
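An added example, not code from the thread or from the forum's software, to make divert_fuse's point concrete: TLS protects the bytes in transit, but the server that terminates TLS receives the login form exactly as typed, so hashing the password before storage is the server's job, not the browser's. The request bytes, hostname, path, field names and credentials are all constructed for this example (the field names are generic, not vBulletin's).

```python
# Added example (not code from the thread or from the forum's software).
# TLS protects the bytes in transit, but the server that terminates TLS
# receives the form exactly as typed, so hashing the password is the
# server's job. Field names, host and credentials are constructed.
import hashlib
import hmac
import os
from urllib.parse import parse_qs

# Constructed sample: the decrypted request a TLS-terminating server sees
# for a form login. Host, path and credentials are made up.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 36\r\n"
    b"\r\n"
    b"username=alice&password=password1234"
)

PBKDF2_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def parse_form_login(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line and body and decode
    the form fields. Inside the TLS tunnel nothing has hashed the password:
    the application receives it as the user typed it."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    fields = parse_qs(body.decode("utf-8"))
    return {
        "request_line": request_line,
        "username": fields.get("username", [""])[0],
        "password": fields.get("password", [""])[0],
    }


def hash_password(password: str, salt: bytes = b"",
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record (algorithm, work factor, random
    salt, digest) so the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and work factor and
    compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    login = parse_form_login(SAMPLE_REQUEST)
    print("application receives:", login)   # the password is plaintext here
    record = hash_password(login["password"])
    print("what gets stored:", record)      # no plaintext in the record
    print("login check:", verify_password("password1234", record))
```

The parsed request shows why "hashed once before being sent" does not hold for an ordinary form login: the only protection on the wire is the TLS tunnel, which is exactly what a site without a working certificate lacks.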

            • #21
              hunterb
              CGN/CGSSA Contributor
              CGN Contributor
              • Jun 2011
              • 3794

              Originally posted by readysetgo
              ...Is password1234 a good one?
              Yo! Why you hack me dude?
              Originally posted by johnthomas
              ...The hardest part getting rid of crap is getting started.

              Comment

              • #22
                SkyHawk
                I need a LIFE!!
                • Sep 2012
                • 23495

                Originally posted by iambic
                That info icon though.
                That screen grab image you posted shows an info icon (in the address bar, to the right of the home button) instead of the secure lock icon typically seen when logged in to a secure site. Have you clicked on it to see why it's doing that?
                Probably insecure calls to images, CSS or third-party sites. The new July version of Chrome gives more info, but I have not tried it with the latest version.
                Click here for my iTrader Feedback thread: https://www.calguns.net/forum/market...r-feedback-100

                Comment

                • #23
                  NorCalBusa
                  Senior Member
                  • Dec 2006
                  • 1497

                  Originally posted by readysetgo
                  But I was told if I have nothing to hide, let the cops search all they want...

                  Is password1234 a good one?
                  Yes, but only if you capitalize the "1234".
                  If you don't know where you are going, any road will take you there

                  Comment

                  • #24
                    Robotron2k84
                    Senior Member
                    • Sep 2017
                    • 2013

                    Why bother grepping and manually changing resource files? A reverse proxy to host the SSL certificate and a rewrite engine is all that's needed to dynamically rewrite files and URLs mid-stream.

                    Or, GASP! we could have a gofundme to allow Calguns to purchase a license for a CMS-based modern version of vB, that dynamically generates site resources and has global SSL that actually works, and beef up security at the same time.

                    What a concept.

                    Comment
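An added example, not code from the thread or from vBulletin, that ties together SkyHawk's explanation of the info icon (insecure calls to images, CSS or third-party sites), divert_fuse's observation that navigating away drops the session back to http, and Robotron2k84's reverse-proxy rewrite idea. It scans a page for the http:// subresources that break the lock and the http:// links that cause the downgrade, then rewrites the site's own http:// URLs to https:// the way a proxy rewrite rule would. The page content and the hostnames forum.example, ads.example.net and cdn.example.org are constructed.

```python
# Added example (not code from the thread or from vBulletin). Finds the
# http:// subresources that make a browser show an info icon instead of the
# lock on an https page, the http:// links that send the next click back to
# plain http, and rewrites the site's own http:// URLs to https:// the way
# a reverse proxy's rewrite rule would. Page content and hostnames are
# constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOST = "forum.example"   # constructed: the host serving the https page

# Constructed sample page as served from https://forum.example/
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://forum.example/css/style.css">
<script src="https://forum.example/js/app.js"></script>
<script src="http://ads.example.net/tag.js"></script>
</head><body>
<a href="http://forum.example/forum/">Forum home</a>
<img src="http://forum.example/images/logo.png">
<img src="//cdn.example.org/pixel.gif">
</body></html>"""

# Elements whose http:// URL is fetched by the page itself (mixed content)
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "video": "src",
    "audio": "src", "source": "src", "link": "href",
}


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.subresources = []     # (tag, url) loaded over plain http
        self.downgrade_links = []  # <a href="http://..."> navigations

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            href = attrs.get("href") or ""
            if urlsplit(href).scheme == "http":
                self.downgrade_links.append(href)
            return
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        # Only a <link> that loads a stylesheet is fetched by the page
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr) or ""
        # Scheme-relative ("//host/...") URLs inherit https and are fine
        if urlsplit(url).scheme == "http":
            self.subresources.append((tag, url))


def find_mixed_content(html: str) -> dict:
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return {"subresources": scanner.subresources,
            "downgrade_links": scanner.downgrade_links}


def rewrite_same_origin(html: str, host: str) -> str:
    """Turn http://host/... into https://host/... without touching other
    hosts; third-party http resources still have to be fixed at the source."""
    pattern = re.compile(r"http://" + re.escape(host) + r"(?=[/\"'\s>]|$)")
    return pattern.sub("https://" + host, html)


if __name__ == "__main__":
    print("before:", find_mixed_content(SAMPLE_HTML))
    fixed = rewrite_same_origin(SAMPLE_HTML, SITE_HOST)
    print("after:", find_mixed_content(fixed))
```

After the rewrite the only remaining insecure fetch is the third-party ad script, which no same-origin rewrite can fix; it has to be changed to https or dropped, which is the ad-network injection risk ocabj raised earlier in the thread. The rewritten anchors stop the http downgrade on the next click, and a Strict-Transport-Security header on the https responses would make browsers refuse plain http for the host afterwards.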

                    • #25
                      HUTCH 7.62
                      In Memoriam
                      • Aug 2006
                      • 11298

                      Some say that he once mooned two prostitutes just for a round of drinks, but wasn't surprised by the reply......They call him, the Hutch
                      Some say that he rode a dirtbike 7k miles across the country and that he once applied Bengay to his own testicles for a mere $50............They call him, the Hutch -Top Gear

                      http://media.liveauctiongroup.net/i/...CCAB7CE8D70F60

                      Comment

                      • #26
                        smird
                        CGN/CGSSA Contributor
                        CGN Contributor
                        • May 2009
                        • 8301

                        Originally posted by Robotron2k84
                        Why bother grepping and manually changing resource files? A reverse proxy to host the SSL certificate and a rewrite engine is all that's needed to dynamically rewrite files and URLs mid-stream.

                        Or, GASP! we could have a gofundme to allow Calguns to purchase a license for a CMS-based modern version of vB, that dynamically generates site resources and has global SSL that actually works, and beef up security at the same time.

                        What a concept.
                        I don't think money is the issue. Kest has tried to upgrade in the past and too much stuff broke.
                        Here is some discussion
                        Last edited by smird; 08-21-2018, 9:47 AM.

                        Comment

                        • #27
                          Robotron2k84
                          Senior Member
                          • Sep 2017
                          • 2013

                          Money is always a factor. The licenses themselves are cheap, $300 or so for vB5, but the conversion (time) and additional hardware and configuration (materials) costs add up.

                          Looking at that thread, none of them seem as good as vB5. vB4 can still run vBAdvanced, so that's a possibility, too.

                          The biggest issue in any upgrade is retaining functionality while getting the enhancements. Plugins will be translatable (even if needing triage and custom coding) across vBulletin. If a new platform is chosen, all that goes out the window.

                          I'm not sure of the specifics for the comment of vB5 being a resource hog. It brings a ton of new features that might be useful. In most cases, disabling these should render similar performance to the older versions.

                          vBulletin also has a hosted option where they do the upgrades for you and you pay by the megabyte of traffic.

                          I have no idea what hosting costs are for Calguns currently, but it's at least worth a look.

                          But, I do get why vB5 turns many people off: it's a CMS-based model and can look more like a social-media presentation than a typical forum board. And it's that way because they merged the blog and forum parts together, under the hood.

                          But you can still do straight forum presentation, such as: https://www.hdherd.com, or https://www.m1garandforum.com

                          Of the other ones, Xenforo is probably the leader.
                          Last edited by Robotron2k84; 08-21-2018, 11:16 AM.

                          Comment

                          • #28
                            Dan_Eastvale
                            Calguns Addict
                            • Apr 2013
                            • 9980

                            Hey, at least we're not getting all those ridiculous spam messages we were getting several months ago.
                            Who do we thank for that?
                            Last edited by Dan_Eastvale; 08-21-2018, 11:04 AM.

                            Comment

                            • #29
                              Unbekannt
                              Banned
                              • May 2018
                              • 378

                              Originally posted by all-cal
                              There is no SSL certificate which adds transport layer security on the Calguns site.

                              This means that when you all enter your passwords, someone can easily capture your password and read all of your posts/communications.
                              ...and that would be the Mexican California State Attorney General.

                              Comment
