HTTP transmits information unencrypted.
If you are using an unencrypted WiFi, everybody in the same WiFi can read which websites you read and what you send them, e.g. password, password cookies.
If your WiFi is encrypted, then 'only' every person/organisation/state through which your IP-packets are routed can read that.
Use HTTPS instead: example.com
PS: We don't auto-redirect to HTTPS so that in the event of a HTTPS problem (e.g. expired certificate) you can still access this site.