Setting up a secure VisualEditor for private Wikis seems to have been a glaring omission,
but the Parsoid docs claim Parsoid is always necessarily running over plaintext. So I
added a section on setting up Parsoid over
HTTPS<https://www.mediawiki.org/wiki/Extension:VisualEditor#Parsoid_over_HTTPS>
(using STunnel) to the Extension:VisualEdtior page.
This should allow folks to have secure VisualEditor configuration for private Wikis. I
hope it helps.