We've had a self-signed SSL certificate for some time now (four years?) but it was self-signed and thus untrusted by most browsers.
Thanks to a kind donation by dkg we now have a "real" SSL certificate, valid for the next five years.
Installation was carried out in a rush, but I'll do it properly shortly. Any problems shout at me.
Thanks again, Daniel.
Update: I've also fixed the site to use a canonical host name, with the www. prefix now being used globally.