Right now people end up on https when they log in, but the URLs in emails are still using http, so if someone opens the site from an email, they'll be back on http. I think it would be better to prefer https, especially if we're ever going to get round to going https-only.