Partially false. HTTPS URLs are not sent in plaintext. Only the server IP could be sniffed. As long as 8ch decryption happens at the server tier, traffic is theoretically secure.
I'm not saying there are no ways to achieve what you're implying, but this analysis is not correct.
Digging into this… does 8ch rely on Cloudflare for SSL termination??
For non codefags - Cloudflare is a San Francisco company that sits between browsers and servers. They provide services to websites like caching and DDOS prevention etc. One of the services they offer is to provide SSL (encryption) certificates. BUT the way it's usually set up, Cloudflare has to unencrypt all traffic to your server before forwarding it to your server. You can configure it to forward that data to your server UNencrypted. In that case, it would be trivial to snoop on all data going to and from the 8ch servers while still appearing on our end to be secure.
I hope that CM at least has "Full" ssl, which means that Cloudflare will re-encrypt the traffic before sending to the 8ch server. But really the site should be moved off of cloudflare if at all possible…