Dear MailChimp Security Team,
First off, thanks for the great work! The Lantern team has been using MailChimp for a while now and we're very grateful for the service.
We're concerned, though, that when our users POST their email addresses to https://getlantern.us2.list-manage.com/subscribe/post?u=0ac18298d5d0330dcda8f48aa through the signup form on our site, the page MailChimp serves them over HTTPS loads JavaScript over HTTP (e.g. http://downloads.mailchimp.com/js/jquery.mailcheck.min.js). This makes a man-in-the-middle attack possible, where instead of getting the JavaScript they're supposed to get from your server, users get attacker-controlled code. The malicious code could harvest their email addresses (which get rendered in e.g. the "already subscribed" error), trick them into submitting more information to the attacker, etc. This isn't just a theoretical concern. Our users actually do live in places where attacks like these are unfortunately all too common.
Your ht