1. Have set all registration to manual approval for now. Already using anti spam mods, will have to tweak the settings to stay ahead of the spammers. It is the way it goes.
2. Secure vs unsecure. Should be running the site secure, yes. Need to sort it out, yes. However the site is running as it was, nothing has changed to make it worse or less secure than it was a couple of years ago - just certain browsers will warn you. Would recommend NOT sharing Swiss bank account details via the forum but I'd suggest that anyhow, even if we were running https. There is no direct relationship between not running on https and the site getting forum spam.
Manual approvals need to be done quickly otherwise you risk folk going elsewhere - not ideal for forums. Do the mods have tools to check emails & IP's against spammer blacklists? Are they already checked against something like Project Honey Pot on registration?
we're still getting a chunk of spam, despite the manual approval thing, i think this is because these spam bots are previously registered accounts before the change, it's the only thing i can think of as to why we are still getting some, but then i'm no computer expert.
please keep reporting it when you see it and i'll bin it as soon as i can