This is my thinking too. The use of HTTP is bad, but the real issue is trusting a third party with large amounts of potentially very sensitive information. Especially when the service in question was designed for people checking the spelling and grammar of their blog posts, something designed to be shared anyway.