I only have one site doing financial stuff (not yet gone public) and it has a security certificate; i.e., HTTP = no certificate and HTTPS = certificate.