I am ready to deploy my Web2py application. I have named my app 'init' to set it as the default app. Currently, if someone were to enter http://mypythonanywhere.com/admin, they would receive an "Admin is disabled because insecure channel" message. If they entered that URL with https, they would arrive at my Web2py Administrative Interface login page.
Is this considered insecure? To my understanding, the admin page is still inaccessible without the password. However, I'm not well versed in security, and have read in the Web2py book that the admin and appadmin should be disabled altogether--link here Web2py Deployment under Securing Sessions and Admin.
To all others who have deployed Web2py apps on Pythonanywhere, were there any other steps you had to take to secure your webapps?