TLS in the Control Panel

When I just logged on to the Control Panel, I noticed that the connections is not TLS-encypted.

As this way all transferred data like passwords, email addresses of the accounts etc. are send in plain text via the Internet I want to know if this is a bug of if you do not have encryption via TLS set up at all.

Although you will see http:// in the address bar of the Control Panel host page, if you look at the page source, you will notice that the frame for the Control Panel is wrapping this secure https:// address:

So all the interactions with the Control Panel take place within the secured HTTPS frame.