A lot of links are still on http. Many of them get 301-redirected to https. Which is good: The 301-redirect should remain, to not break existing links somewhere in the wild.
But on web pages hosted by piwik, piwik should migrate the links to https, so that users get to the https version without being 301-redirected.
Security: 301-redirects are requests which are requested and responded via http. Which is unencrypted, and more important, not safe against manipulation and not authenticating the server. E.g. MITM can manipulate the target URL to something phishy.
Now that piwik already 301-redirects most of its http links to https, a link checker can be taken to analyze all these 301-redirects and fix them to https where possible. That should work for all links to https-only web sites (including external links like e.g. links to twitter).
This issue is a follow-up to #8236
Thanks for the report. This should just now be fixed. Could you confirm please?
@mattab According to the W3C link checker, there are still links like
http://developer.piwik.org/ redirected to https://developer.piwik.org/ http://forum.piwik.org/ redirected to https://forum.piwik.org/ http://twitter.com/piwik redirected to https://twitter.com/piwik
@mattab Still many links left. Just run the W3C link checker (link in my first comment).