They should redirect the attack to the server hosting the script as a friendly encouragement to use encryption.