Not a bug
The ?Login url is a special url (similar
to ?ChangePassword etc) that never opens the database in the url path to
check the SSL bit, In addition the ?Login command uses a POST
request and cannot be redirected, if it where to be redirected one would
lost the post data/credentials and login would fail, so for that reason
we do not redirect it.
Additional info
The database name in the url is only present to dispatch the request to
the Domino Web Engine to handle the login request (and could be any <dbname>.nsf)
The ?Login URL does not read/return any information from the database
to the browser. If the requirement that all access to the server
and/or names.nsf should be over SSL then configuration changes at the server
level are required and not just the database level.
If one requires the ?Login over SSL, there are other configuration settings
to force the post back url in the login form to use SSL to post the login
credentials.