I think it would be good to get this on the FAQ because I would expect this question to arise.....
All the browser links are operating on pure HTTP so userid & password go via the Internet in clear text, as do the other pages. This perhaps isn't a major issue for a lot of info but for personal data such as address/phone/DOB it's not ideal. OK - so this is only a singing group application does it really need such security, well only each chorus can probably answer that question but I can't imagine it's that expensive to get an SSL certificate for the server.
Sorry if I missed something but let me know if I've missed that this is an option.