In addition to @nirgrahamuk's comment that the app itself is served over HTTPS...
If you really wanted the URL to have HTTPS/SSL, you can buy a dirt cheap domain and just put the Shiny app on it via iframe (tutorial).
That way you can use your free shinyapps.io-hosted application on your SSL website.
EDIT: This is still a huge problem because:
- iframes do not play well with the sizing specifications of Shiny apps; the result can be very poor
- Although the app itself may be served over SSL, who cares? A user visiting your site will only see a warning saying "Not secure!" and telling users not to proceed.
I agree, this is not acceptable given the very high price of a pro account on shinyapps.io and the "benefit" of custom URLs (when they are not served over HTTPS).