01-04-2017, 10:37 PM
warriorcookie

The only real benefit HTTPS would add is making it more difficult for intruders to intercept usernames and passwords at the time of login. This adds extra costs for the host because you need to pay to have your SSL certificate signed every year. The effectiveness of HTTPS is extremely debatable too. Even with HTTPS in place, the user database is subject to its own vulnerabilities.

You cannot rely on forums to keep your information secure. They are being run on a shoestring budget, which means most of the staff are volunteers, and hosting is provided by an economy hosting service on an entry-level plan with a basic firewall and database offered.

To make things worse, most people use the same username and password for every forum they are a member of. All it takes is for one forum to get its database dumped, and they have access to thousands of usernames and passwords with email addresses that they could use to log in to PayPal, banks, other forums, etc., all because of the same password being used over and over.

Instead, use a password service like LastPass. You pick one good password for the main app, then it auto-generates random 20+ character passwords for all the websites you use. It can do an audit on all the accounts saved in your computer and automatically change a lot of them for you. Apps for Android and Apple will automatically fill in the username and password for all the sites and apps you use. This way, if one site is hacked, you only have to change the password for the one site, not all of them. How many times does a forum database get dumped and the admins don't even realize?

If you use a word or any part of a word for a password, it can be cracked very quickly. To a dictionary brute force script, the difference between the password "isolated" and "1s0LaTed" is minimal. All my passwords are the maximum characters allowed by the site and look a lot like: "gdIj65vj#5)9hKhy6" and I don't have to remember any because my password manager enters it for me.
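An added illustration of the post's last paragraph (not part of warriorcookie's post): a strength estimate comparing a case-and-leet-mangled dictionary word with a random 17-character password. The substitution table and the 100,000-word list size are constructed assumptions, not figures from the post.

```python
import math
import string

# Constructed table of common "leet" swaps a mangling rule set would cover.
LEET = {"a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "5$", "t": "7"}

# Assumed wordlist size for the estimate (not a figure from the post).
ASSUMED_WORDLIST_SIZE = 100_000

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def forms(letter):
    """Every character a mangled password may use in place of one base letter."""
    base = letter.lower()
    return {base, base.upper(), *LEET.get(base, "")}


def is_mangled_form(password, word):
    """True if password is word with only case changes and leet swaps applied."""
    return len(password) == len(word) and all(
        p in forms(w) for p, w in zip(password, word)
    )


def variant_count(word):
    """How many case/leet spellings of word exist under the table above."""
    return math.prod(len(forms(ch)) for ch in word)


def mangled_word_bits(word, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Upper bound, in bits, on guesses needed to cover every mangled word."""
    return math.log2(wordlist_size * variant_count(word))


def random_password_bits(length, alphabet=PRINTABLE):
    """Bits of entropy in a uniformly random password over alphabet."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    word, fancy = "isolated", "1s0LaTed"
    print(fancy, "is a mangled form of", word, ":", is_mangled_form(fancy, word))
    print("spellings per word:", variant_count(word))
    print("mangled dictionary word: %.1f bits" % mangled_word_bits(word))
    print("random 17 characters:    %.1f bits" % random_password_bits(17))
```

Under these assumptions the mangled word stays under 30 bits of search space while the random 17-character password exceeds 111 bits.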