Does V4's htaccess create a PCI issue?

Trustwave just ran a scan and failed my site. The issue is:

Web Application Transmits Login Medium Credentials Without Encryption

Hostgator's PCI folks found the issue to be these URLs:




and they pointed to this line in CS Cart's default .htaccess file:

RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]

That line in htaccess creates the URL – [url=“http://www.mysite/ap...&ajax_custom=1.”]http://www.mysite/ap...&ajax_custom=1.[/url] This is what needs to be secured with https. Their recommendation is to add this line to my htaccess:

root@nov [/home/mysite/public_html]# ll api.php
-rw-r--r-- 1 omnivos omnivos 1235 Oct 21 00:23 api.php

What I am trying to find out is if this might cause a problem in other areas of the cart.