HTTPS can be enforced via https://noc.wikimedia.org/conf/remnant.conf. I had a thought today that wikimediafoundation.org should be HTTPS-only. Subsequent thoughts added doubt. For example, the wiki doesn't really get used for donation forms as much these days, I don't think, so some risk is mitigated.
But... it's still a weird fishbowl wiki that allows strange uploads and raw HTML, so it wouldn't be totally unexpected for it to enforce HTTPS. I think it might be nice to have. Filing this as an enhancement request for consideration.
Version: wmf-deployment
Severity: enhancement