Two related issues:
1. Logging in through the forum isn't HTTPS, while the main site is. The forum seems to switch over to HTTPS after logging in, but the login itself happens over HTTP. At least, that's the case if I login from the quick login box at the bottom of the forum index, I haven't checked whether the login page redirects to HTTPS.
2. Logging in through the main site doesn't always log me in on the forum. The pattern seems to be that if I visit the forum while not logged in, it creates a guest session for me which persists even after I've logged in on the main site, requiring me to login separately (and unsecurely) on the forum. If I get logged out but login on on the main site before I visit the forum, the forum logs me in automatically.