Even over HTTPS, some of the data is left unencrypted, leaving a door open for attackers through DNS Spoofing. During Spoofing, attackers on a local network can abuse this to conduct trivial attacks.