Is it really that difficult to implement an Https website? To be fair, of the big six, Dreamstime and Stockxpert both use Https. But the others don't. I'm under the understanding that Https will encrypt everything; thus, making it more secure. Perhaps the other sites use something else? Not a rant, just curious.

We pay $800 or so a year for securing the 9 websites of Zymmetrical. It is well worth it, in both consumer confidence as well as real security. Considering many photographers are on the go and traveling around, you never know who is sniffing your packets.  I don't know anyone that would trade off a fraction of a second in increased pageload time on a few key pages like registration, login or shopping cart, vs. the potential of having their account or worse credit card info compromised.

Yup I kind of thought about that after answering - of course everything can't be encrypted right now - it's basically just too slow to be practical.  Maybe in a few more years when everyone has fiber to the door, people can be entitled to encryption on everything they do, but for now it's just not a reasonable tradeoff. Security has to start at the source: the business practices of the companies that deal with the data. As we've seen lately, even Facebook makes (political) blunders with such data.