With BIGACE 2.5 RC2 we introduced a simple form of SSL support, that should be enabled to make sure administrative data is ALWAYS encrypted. If you do not encrypt that data, attackers (man-in-the-middle) are able to read your passwords and other secure data using methods like packet sniffing.

You can activate SSL in your /system/config/config.system.php, using the keys:

define ('BIGACE_USE_SSL', false);
define ('BIGACE_URL_HTTPS', 'https://'. $_SERVER['HTTP_HOST'] . '/');

Make sure BIGACE_URL_HTTPS points to your SSL activated server or SSL proxy.

Using SSL is HIGHLY RECOMMENDED!