Gratipay: Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain

Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...