Plain HTTP means anyone between you and the server can see those credentials and gain access.
It it using HTTP Basic Auth by chance? It would be so easy to put nginx (or some other reverse proxy with TLS) in front and just pass the authentication headers.
I’m basically in the same boat as OP but this reminded me that I love learning languages.
Mandarin is a huge challenge but after programming all day, it’s actually incredible the way my brain feels after practicing with a tutor for an hour. Originally I meant to get away from the computer but ended up using an online service.