also demonstratable if you just go to without the https:// at the start

non-SSL links can be redirected to the HTTPS version of the site in htaccess so you can prevent users from seeing this

EDIT: I wasn't aware the default homepage does this, it seems to just be the forum