Profile and Edit user pages should be secure too
|Reported by:||Denis-de-Bernardy||Owned by:||ryan|
With admin_ssl off, and login_ssl on, the profile page ends up insecure. It should at least send its POST request over SSL, since a new password might be set.
And possibly use a secure form as well (see #10267).