A critical Drupal vulnerability was recently patched and disclosed that allows a hacker to trivially take over a server running Drupal - https://arstechnica.com/information-technology/2018/04/drupalgeddon2-to…- .
Various having groups are furiously trying to take over every unpatched server on the web running Drupal to install crypto miners and the like. How Brian and team are aware and taking the appropriate steps.
Also, this site does not use https. Don't use a password that you're not ok being compromised.
To be honest, the new website cannot come soon enough.