Yes, just like any stolen vehicle will be down to poor security of owner's garage, so car makers should never protect their vehicles with anti-theft systems.
Security is only as good as the settings in the users router, most hacks happen because WiFi is in adhoc mode or has never been configured and is on but not used by the home owner, so that is the fault of the modem vendor and the ISP you buy from for not stipulating a more secure default set up, even with the more secure systems, the fact that a default setting is still used, in all my encounters with modems, the default settings have been adhoc wifi with a login of admin and the username also as admin, when I was on a hardline, the passwords were the allocated telephone number to the property and in that case, if you changed the password, the ISP got a bit shirty because they would remote in to resolve network problems or make changes to the router like increasing bandwidth or the other way...
So security is realy down to the end user and I don't see that security position changing. As for the car analogy, not a very good comparator because car manufacturers have to build in a minimum level of security just like many systems that do require some level of security, unfortunately with the world of the internet, this concept is not implements, people want to "Plug and Play" which is 99% of the problem.
So when it comes to websites, just because a site has no https, does not mean that it is insecure, what happens in the backend is only going to be the same thing under https as it is under http. So in the case of this website, there is no need for HTTPS because the type of information you give the registration is not in legal terms "Sensitive Data" which if you were passing banking details, you would expect HTTPS and not HTTP.
If you sign up to any site, you are at risk and the biggest risk is the site owner and what they do with your data, HTTPS or not HTTPS, I can tell you from personal experience with a very well known web site on coding that a situation arose where my paypal account got hacked and whilst speaking to paypal, there was an account login attempt from a user in Florida and the previous user was UK based, this so called professional web site abused my data that I registered through HTTPS pages. After the autopsy of what happened, it became apparent that the hack came the admin of the site in question because the type of information requested in the registration was no different than on this site, only difference is that I know that the type of forum software that group used actually stored plain text passwords... on here, only the hash value is stored.
So if I signed up via HTTPS to a web forum that stored plain text passwords, that was where my security failed, putting my faith in HTTPS. Had I not lapsed in my concentration, I would have not used the same email address that is used for my paypal account, nor would I have inadvertently used a password that was similar to that in my paypal account that was used in the site registration.
Generally as a rule of thumb I have three email accounts, one is top level and personal, my bank and anything that needs securing with an email account like my bank, government, local authority all are using one account, web sites I use a different account and passsword. A third address is my back up alternative account for recovery.
What had happened is I had crossed my wires, this is why paying attention to what you do on your PC is important, like you may have heard many times before, the weak point in any secure system is the user. In my case, I blame my self, so in real world terms, there is nothing wrong with the security of this site. If the site adopts HTTPS, which has been discussed, it would be overkill and an overhead that for delivery of a site that is mainly text, is really an overkill, for login and registration purposes, a good idea.
On the whole HTTPS is a tool for a specific set of uses, every tool has its purpose and IMHO it is not needed on this site, there is nothing to secure between the user and the server, we are in what I call a stuffed shirt scenario, people in offices coming up with ideas to justify the need for something just because they want to dupe people in to handing over more money for things that are not needed by the masses so these stuffed shirts can justify their jobs in the industry.
If you can, for any valid reason, beyond login to a site can justify the need for HTTPS on a site like this that is non-sensitive information, be my guest, knock yourself out, make your case.