930addict
The forum should also use https as the certificate not only serves to encrypt the connection between the browser and the server, it also validates that you are connecting to the legitimate Pelican forum server. In its current configuration it would be rather trivial to bring up another server and masquerade as forums.pelicanparts.com, conduct a DNS poisoning attack to redirect everyone to the imposter server and capture everyone's logins. The fact this is not their e-commerce site should not preclude them from protecting the forum servers. Attackers may be able to find their way into more sensitive areas of their operation. Remember the Target credit card breach? The attackers exploited a weakness in the HVAC systems and found their way to the credit card machines.

The GoDaddy cert issued to the Pelican Parts e-commerce site can only be used on www.pelicanparts.com and pelicanparts.com. Pelican Parts would need to either get another cert for forums.pelicanparts.com or update their current cert to a SAN cert that could be used for www.pelicanparts.com, pelicanparts.com and forums.pelicanparts.com. I would opt for a separate cert so if one is compromised (say the forum cert) it doesn't affect the other (cert used for e-commerce site).

Looking at the GoDaddy pricing for certs, a single-domain cert is only $63.99 per year, a SAN cert is $159.99 per year and a wildcard cert, which can be used on *.pelicanparts.com, is $295 per year. Cheap insurance IMHO.
11-26-2019, 08:25 PM
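As an added example (not the poster's code), the following checks which hostnames a certificate's dNSName SAN list actually covers, using the hostname-matching rules browsers apply, and compares the three options the post describes: the current two-name cert, a SAN cert that adds the forum host, and a wildcard. The SAN lists are constructed for illustration, not read from any real Pelican Parts certificate.

```python
import re
from typing import Iterable, List

# A DNS label is letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _valid_labels(labels: List[str]) -> bool:
    return all(_LABEL_RE.match(label) for label in labels)


def san_entry_matches(san: str, hostname: str) -> bool:
    """True if a single dNSName SAN entry covers hostname.

    Follows RFC 6125 section 6.4.3 as browsers enforce it:
    - comparison is case-insensitive and label-by-label
    - a wildcard must be the entire leftmost label ("*.example.com")
    - the wildcard matches exactly one label, so "*.pelicanparts.com" covers
      forums.pelicanparts.com but not pelicanparts.com or a.b.pelicanparts.com
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if not _valid_labels(host_labels):
        return False
    if "*" in san:
        # Reject partial wildcards ("f*.example.com") and too-broad ones ("*.com").
        if san_labels[0] != "*" or len(san_labels) < 3:
            return False
        if not _valid_labels(san_labels[1:]):
            return False
        return len(host_labels) == len(san_labels) and host_labels[1:] == san_labels[1:]
    return _valid_labels(san_labels) and san_labels == host_labels


def cert_covers(san_names: Iterable[str], hostname: str) -> bool:
    return any(san_entry_matches(san, hostname) for san in san_names)


def uncovered_hosts(san_names: Iterable[str], hostnames: Iterable[str]) -> List[str]:
    sans = list(san_names)
    return [host for host in hostnames if not cert_covers(sans, host)]


# Constructed SAN lists mirroring the three options discussed in the post.
SINGLE_DOMAIN_CERT = ["www.pelicanparts.com", "pelicanparts.com"]
SAN_CERT = ["www.pelicanparts.com", "pelicanparts.com", "forums.pelicanparts.com"]
WILDCARD_CERT = ["*.pelicanparts.com"]
HOSTS = ["www.pelicanparts.com", "pelicanparts.com", "forums.pelicanparts.com"]

if __name__ == "__main__":
    for label, sans in [("single-domain", SINGLE_DOMAIN_CERT), ("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT)]:
        print(f"{label:14s} leaves uncovered: {uncovered_hosts(sans, HOSTS)}")
```

Note that the wildcard option alone leaves the bare apex name uncovered, so a wildcard cert is typically issued with pelicanparts.com as an extra SAN entry.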