No encrypted login means your password is not kept secret, and if you use it in more than one place those accounts are insecure as well. More importantly if you are using openid your openid is directly compromised.
No SSL means your profile information (which may contain important details about you such as your email that can be used by identity thieves to impersonate you) is exposed to the world.
No SSL means anything you do is trivially intercepted, including things that you have a reasonable expectation of privacy with, such as sharing contact details with someone on a PM.
No SSL means that when a moderator browses the forum, which likely logs IP addresses viewable to a moderator, then someone intercepting a Moderator's connection has a nicely way to gather IPS of users, making it easier to collect this smorgusborg of user information.
No SSL means that someone can trivially perform a man in the middle attack on you, and make an embarrassing, illegal or illicit post in your name without even having to know your login.
It's really inexcusable to run a website in 2017 that does not at least attempt to be secure.