Use and force HTTPS and HSTS

The fact that such a popular site does not support HTTPS on the majority of its website is very poor. Our information on ROBLOX is private, and some of us may even rely on it for income, so our information should be treated with due care.
ROBLOX have even acknowledged that their security is poor in the past (Remember those notices about using a VPN at RDC?).

I believe that ROBLOX should, as soon as possible, start using HTTPS on all pages and begin forcing connections to use HTTPS by using HSTS.

4 Likes

We are aware of this need and have been working on it.

2 Likes

This should definitely be a priority. Also worth supporting is HPKP, which prevents compromised certificate authorities from causing too much damage. Supporting it essentially requires adding an HTTP header, like for HSTS, so it would not require much work.

2 Likes