Storm in a teacup
The site in question is just an advertisement, and ISTM there would be little harm done if it were hacked to death. I don't have motion detectors, trembler switches, 360 degree IR illuminated CCTV surveillance and titanium locks on my dustbin - that doesn't mean that I am ignorant about security.
Obviously now that it has made the news, the site is attractive to people who want to deface it to prove a point, but until now there was nothing to attract anyone to *want* to hack it, so no need to go to any trouble whatsoever to make it secure when the worst that could happen was something that would slightly annoying.
And why anyone thinks that an advertising site should never allow unsecured connections is beyond me.