Another +1 for HTTPS . My ThemeForest account got hacked recently, and I certainly don’t want that to happen again.
I had a similar experience on CodeCanyon… Person sent me an email asking for help along with their wp-admin details, I get back from florida and they are claiming I destroyed their site.
Now I never opened the email so its not like the leak came from my end, the user later found out they had a vrius. (After of course they bumb rushed my comments page leaving tons of negative and false information.)
I also agree its time for HTTPS as well