The popHealth web application should be configured to use HTTPS rather than HTTP. Using HTTP to access popHealth could allow responses from the popHealth web application to be intercepted and viewed. HTTPS connections should be used to load webpages containing sensitive data such as personal health information (PHI). You should configure your popHealth server to be served via HTTPS. If you are running popHealth on Apache and Phusion Passenger, you can use the following steps to configure HTTPS. See http://httpd.apache.org/docs/2.0/ssl/
If this is a test instance of popHealth with no PHI, you can override this warning by setting the value force_unsecure_communications to true in popHealth/config/pophealth.yml and restart popHealth.