Updated with #activertypub its still a valid solution.
@witchescauldron Http only sites are really vulnerable to injection attacks, so if you're publishing media which could be in any way controversial you might find that there's a difference between what is being published and what readers can see in their browser. Even if it appears the same, scripts or tracking pixels can be injected. It's not a theoretical risk either.
To support this server and the OMN project https://opencollective.com/open-media-network