Quoted from pintim80: He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure everyone's personal information?
Since your post received some downvotes, I'd like to point out that your friend is correct in that there is no SSL certificate on that site. So, any information you enter will be sent in the clear and readable by anyone. Name, address, username, password--none of that is being encrypted in transit from your browser and over the internet to whatever server the site is hosted on. So basically, if you were standing in a crowded room, you would be shouting your username and password for anyone to hear.
SSL certificates are fairly inexpensive. You can get one for as little as $20-$30 for 1 year.
Personally, I would not submit any personal information to a site without a secure connection.
Would it be a target for hackers? Eh, *probably* not. At least, not initially. Hackers tend to go for slightly bigger targets, not custom niche websites. But it doesn't take too long before a site gets crawled by bots and search engines, and ends up on a target list somewhere meeting some initial criteria (i.e., unsecured website with a submission form that matches some keywords like "name" and "address" and "password").
So, an SSL certificate protects data while it's being transmitted--but what about the database on the server? Normally, passwords are "salted and hashed" and then saved as an unreadable jumble of characters using a specific algorithm. This is a repeatable process that happens in only one direction. When a password is "salted and hashed", it means that a specific string of text is added onto the password, and then the whole thing is converted into a jumbled string of characters so that it is not a plain text password readable by humans. So in theory, that jumbled string of characters would be useless for anyone who might manage to hack into the server and/or read the database. It's very difficult to reverse a hash to spit out the original password.
So whenever you send your password to the server, it then adds that known "salt" to the password, then "hashes" it, and compares the two hashes. If they match, the server logs you in.
Then, on top of that, some databases or database fields are also encrypted as an additional security measure to protect the data.
Some website database breaches that have occurred in the past either stored passwords in the clear without being salted, hashed or encrypted, or used a very weak and easily crackable hash algorithm (such as MD5).
Once your username and password are out in the open (or are crackable having been hashed insecurely), hackers try using those on a variety of common/major websites to see if you used the same username and password anywhere else. Unfortunately, a lot of people do, so inevitably, login information extracted from a less secure website can be used to gain access to accounts in other more secure websites that have good security measures in place (such as a banking website, DMV, insurance websites). After that, they can steal your account and take over your identity, drain your funds, apply for credit cards or loans, issue driver's licenses, etc.
In summary--yes, the site is insecure to some degree. Since the back end is not freely accessible, it's not clear how secure or insecure it is.
Would I submit personal information to this site like this in its current state? No.
If I absolutely had to use an insecure website, this would be what I would do:
1) Get a PO box, and submit that as the address information.
2) Use a completely new and unique email address that you have not used *anywhere* else.
3) Use a completely new and unique username that you have not used *anywhere* else.
4) And finally, a completely new and unique password that you have not used *anywhere* else.
5) Then, never ever use that email, username, or password on any other websites anywhere.
So, if the website is compromised, and someone else gains access to that information, the information would be largely inactionable since you did not use it anywhere else. And also, since you are using a PO box rather than your home address, your home address wouldn't be published for the world to see.
If you think that your home address getting out in the open doesn't matter much, keep in mind that hackers are also sometimes pranksters. They could send glitter bombs, dog poop, order a pizza for delivery, or even go as far as to swat the address. If you don't know what swatting is, that means someone calls in a fake emergency to the police. People have died as a result of this with police arriving at the address thinking it's a life-or-death situation based on the information given in the fake 911 call.
So yeah--an insecure website containing personal information can be quite a serious matter these days.
[edit]: If you would like to check if your email address has been listed within a known data breach, this is a legitimate website to check with: https://haveibeenpwned.com/
[edit 2]: The site now has an SSL certificate in place.
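Added example, not part of the post above and not the site's own code: a sketch of the "salt and hash, then compare" login flow the post describes, next to the unsalted MD5 storage it calls weak. The per-account random salt, the PBKDF2-HMAC-SHA256 algorithm, the iteration count, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store; the salt is random per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-run the same salt + hash on the login attempt and compare."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, stored)  # constant-time comparison


def weak_md5(password: str) -> str:
    """Unsalted MD5 storage, kept only to show why it is weak."""
    return hashlib.md5(password.encode()).hexdigest()


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    alice = hash_password(pw)  # two accounts that happen to
    bob = hash_password(pw)    # share the same password
    return {
        "login_ok": verify_password(pw, *alice),
        "wrong_rejected": not verify_password("guess123", *alice),
        # Different salts give different stored values for the same password.
        "salted_records_differ": alice[1] != bob[1],
        # Unsalted MD5 gives every user of this password the same stored
        # value, so one precomputed lookup exposes all of them at once.
        "md5_records_identical": weak_md5(pw) == weak_md5(pw),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
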