http URLs should be replaced by httpS where possible in sources, documentation
The README discussion in #1029 caused me to look more closely at the file than usual.
There are at least 4 instances of http: URIs that should be https:
There are quite a few http: URIs in the doc tree as well - but you can't do a global substitution. For example, there are references to the statistics channel, which does not support SSL/TLS. Except for those special cases, pretty much everyone supports https: - for security, for search engine ranking, to avoid browser warnings. And because it's now best practice.
Most of the http: URIs redirect to https: (including the Mozilla license and the XSL schemas), but this doesn't prevent MITM issues.
Of course these aren't financially or privacy sensitive references, but knowing ISC's interest in internet hygiene, I thought I should point them out.
In the medium-long term http is being defacto deprecated. (None of my external-facing sites have responded to http: for years...which until recently, dramatically cut down on the unwanted probes.)