The default login seems to refuse secure auth.... but I found a login link off the "Create Blog" page that claimed it was secure, so here I am logged in once again.
But that seems an utterly wrong way to go about it.
Are people just logging in in the clear, or is there some saner trick?