No site can ever be completely safe — the sheer number of high-profile breaches are a testament to this. But you can follow some best practices to make your site less of a target for a casual malicious actor or automated script.
There is no excuse to be without an SSL certificate these days. They’re extremely cheap and can even be obtained for free (Let’s Encrypt). Installing an SSL certificate on Laravel Forge is very easy – let me show you how.
There are several serious vulnerabilities in SSL (POODLE, BEAST) and early TLS (min-in-the-middle attacks). The only way to mitigate these security risks, is disabling SSLv3 and TLS 1.0 completely. These protocols should not be allowed as fallbacks on your server either.