That's wild, I didn't expect any security-centric website in 2016 to be HTTP-only! The reasoning for not doing it is weird too, they could at the very least move the update logic over to a separate SSL endpoint.
Anyway, I'm not quite sure on the differences between them but I've been using KeePassX for years and recommend it thoroughly (as long as you're not looking for a easily synced or multi-user product): https://www.keepassx.org/
> That's wild, I didn't expect any security-centric website in 2016 to be HTTP-only!
Both of the websites for PuTTY (www.putty.org and www.chiark.greenend.org.uk) are also non-encrypted. At least the downloads are hosted on a third server (the.earth.li) which does use HTTPS and 2048-bit GPG signatures are provided.
putty.org is not owned by the PuTTY developers; after some arguments the two parties came to an agreement about the use of the domain name, but you should not trust putty.org.
Anyway, I'm not quite sure on the differences between them but I've been using KeePassX for years and recommend it thoroughly (as long as you're not looking for a easily synced or multi-user product): https://www.keepassx.org/