The lack of HTTPS when using Comcast's XFINITY web mail is still beyond me. HTTPS is used when logging in, however everything else after that prompt is over basic HTTP (session IDs, inbox data, message data, contacts list, etc). I do not communicate much with my provided Comcast email, but I know others who tie a lot of services to it. Until Comcast provides standard web security, they endanger their customers as well as whoever else involved (paying Comcast or not).

Careful what you share with user@comcast.net.