As I understand it, the 'not secure' message is becoming standard on browsers where a site does not use the https protocol. Now, if you are buying something and passing over your credit card details then https is a very good idea. There is a small risk the bad guys will expend the money and effort to intercept the details and then use the card or bank login what have you.
There is no where on the site where you would give that sort of information - buying a book the money side is handled by PayPal so I do not have access to credit card info (which I don't want) for example.
Now to move to https for some sites is pointless - but to avoid frightening visitors from being scared by irrelevant warnings, they're doing so.
It's not as simple as just buying a security certificate - other things like every internal link need to be changed which is a fair old task.
I'm in discussions with my tech support chap over it. In the meantime, unless you're really worried someone may intercept the post you are about to share with the world... don't worry