I recently set up a page https://franciscorrigan.wordpress.com/2000/01/01/contactme/ it includes a contact form, for security I always send links to it that include a httpS prefix, to ensure it is visited over and encrypted connection.
However, below the form I added a source url, as a note to visit the httpS version if visiting it over a plain http url, the problem is even though I include the S in httpS, when I view it online the S has been removed, very odd auto removal of the secure S, that has wide implications. This could mean that at wordpress behest if can remove the S from any url posted on it's wordpress.com blogs, whihc raised many critical security issues, especially for those blogs accessed in hostile locations.
To get a better idea of the issues please download this doc:
The blog I need help with is franciscorrigan.wordpress.com.