A page on a microsite is not fully protected by an SSL certificate. This could allow an attacker in a Man-in-the-Middle position to obtain usernames and passwords of users visiting the site.
On the Red Dead Redemption subpage, the comments section on news articles allows registered social club users to post comments. When posting a comment, the user first has to login, which appears as if it is done over a non-secure page:
Note the warning in screenshot 1, firefox has identified that this page is not protected with an SSL certificate, therefore the username and password will be sent over a plaintext connection. In itself, this may be enough to put some users off using your page.
Interestingly, if you manually change the address bar to be https, it does redirect to a https version of the same page, albeit with a mixed content error (screenshot 2). This indicates that an SSL certificate is in place for this page, however not all requests are sent through HTTPS by default.
Once submit is pressed on the comment, it appears as though the request is sent over a HTTPS connection (when seen through Burp Suite or Wireshark), which suggests that the page does protect the username and password with SSL/TLS, see packets 167501-167519 in screenshot 3. Although this will work in most cases, there are techniques that can defeat this, such as using the sslstrip tool. There are several in-depth descriptions of how this works, such as this one
An example of using this is shown in screenshots 4 and 5 below, which was carried out solely on my own computer and against my own user account (scrapsH1).
If a user were to visit this page from a public or shared network (eg, starbucks, airport, library, etc) and submit a comment, a malicious user on the same network would be able to obtain that users username and password by conducting a Man-in-the-Middle attack using sslstrip and wireshark.
This would allow the malicious user complete access to the user's account.