As a former software test engineer I am apalled that the admin password for the HH6 is passed in on the url as plain text.
If your network is compromised in any way then this leaves your Hub open to hacking.
From a security viewpoint this is a complete nono!!! I realise the risk may be low but at the very least the connection to the HUB should be via an SSL connection AKA secured and encrypted (HTTPS).
This is as seen on the URL - http://192.168.1.254/0000016400/gui/?password=<mypassword>#/basicStatus
Not really a security risk, the hub manager is only accesible via your LAN, however, I agree access should be via HTTPS yo
PS your link just links back to this thread