At this point, any site asking for passwords and such over HTTP actually is malicious, when you consider the amount of people that re-use passwords.