Automattic needs to draw more attention to the secure login page on WordPress.com. It exists, so why not direct users to it? There are support pages on configuring your dashboard to run through HTTPS, which is fine, but as long as the login process remains unencrypted, some information is still left exposed.
If a user blogs through an unsecured Wi-Fi hotspot (as many travelling bloggers might do), all it takes is someone sniffing while the user logs in for his or her account to be potentially compromised.
Until Automattic provides a link to make the secure login page more obvious to users, you can navigate to https://wordpress.com/. And don’t forget to update your bookmarks.
On a related note, Twitter seems to be in the same boat. You can navigate to https://twitter.com/ to get their secure login.
Image: Asim18 via Wikimedia Commons under GFDL