Isn't using an unsecure (ie not httpS) url bad when dealing with contact information? Doesn't this mean yahoo is transfering the contact data without any encryption? Am I missing something obvious?

How does yahoo secure data retrieved from http://social.yahooapis.com/v1/user/{uid}/profile ?