One more piece about the HTTPS problem.
Think of this as the TL/DR version. It started as a series of tweets.
The problem of requiring HTTPs in less than 140 chars: 1.Few benefits for blog-like sites, and 2. The costs are prohibitive.
There's actually a #3 (sorry) -- 3. For sites where the owner is gone the costs are more than prohibitive. There's no one to do the work.
I think to understand the boil-the-ocean nature of this goal, you have to have created a few websites over a reasonable period of time.
The web is fragile. The further back in time you go, the more fragile it is.
We could go deeper. You'll find that depth if you just scroll down from this point on Scripting News .
Just in case, a proxy from clear to ssl is easy and low-footprint to set up.
Obviously if my browser is going to require https even for localhost, I'll start to think it's doing fishy things.