They don't have an SSL certificate installed, meaning they don't have a third party vouching for them. They don't have the internet version of a driver's license. More and more stuff cares about that now.
It is somewhat silly to expect an SSL cert here though. There are no credit card details and no place for me to upload my Gallo pics. I think http://www.ultimateknicks.com is okay though.
I will say the one place it matters is with passwords. Your password is not encrypted at ultimateknicks.com. So, if you are reusing username, password info on different sites, like your email or at a bank, that could be a big problem for you. if it is not https://www.ultimateknicks.com, I can intercept the traffic and read it. If it is https://, I effectively get carded before I can actually read what's being sent through the interwebs
martin, andrew, please just install the SSL cert, redirect port 80 to 443, and then this all just goes away. Let's Encrypt offers FREE SSL certs, and there's an agent that automatically renew it for you so you do it once and never do it again... here's an example guide:
https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
please guys, I do think this puts people that don't know any better at risk