is it standard practice to send login information/account registration information over https? or is it an overkill?