The option to always use HTTPS was made available to users back in March 2011, but they had to turn it on for themselves by changing their account settings - something that tech neophytes surely wouldn't think of doing without prompting.
Twitter's very nature and the fact that many, many users are used to tweeting from unsecured Internet connections - public wi-fi networks in airports, hotels, shops - means that anyone equipped with the Firesheep Firefox add-on can easily get hold of their login credentials sent via unencrypted HTTP sessions.
But no more.
"Now, HTTPS will be on by default for all users, whenever you sign in to Twitter.com," says the service. "If you prefer not use it, you can turn it off on your Account Settings page. HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients."