By default the UserLogin page is either secure or not secure based on the previous page. So if a constituent is on a donation form and clicks on a link to the UserLogin page, the page will be secure. If a constituent is on a regular PageBuilder page and clicks on a link to the UserLogin page, the page will not be secure. If you would like this behavior changed so that the UserLogin page is always secure, contact support and reference this knowledgebase article.