This page is being served securely at the moment, though that could change depending on what's loaded by third party scripts. It could be that VS has a handle on that now, but I can't speak for them of course.
FWIW, I base what I've stated above in part on what I've read using the following Google search criteria: my ssl cert says sni.cloudflaressl.com
Anyways, it's not a question of whether the page (or any other page here) and/or the page content/user data is being served securely as far as server/client relationships go (it more likely is, at least in this instance). It's more a question of whether or not the correct user's data is being served to those who are logged in. Serving someone's user data to someone who isn't authorized to view it is a breach of user privacy.
With that in mind, the question that now remains is whether or not the data that is being shared breeches a user's privacy as defined by existing regulations (e.g., does showing a different user's name, a list of their subscribed threads, etc., breech a user's privacy? Perhaps not, but don't quote me. Does sharing a list of a user's PMs breech that privacy? Perhaps, especially if the subjects of those PMs and the names of users privy to a PM thread are displayed. How about the content of a user's PM, would that breech privacy if shared in the manner being discussed? While I'm not a lawyer, I'd guess probably).
Lastly, FYI/FWIW, I did disable add blockers before taking the following screen capture of this page: