@wpackagist website needs to support SSL. All packages are at risk to #MITM attacks, and problematic with @Codeanywhere composer defaults.