Re: Third World Security
Absolutely agree with you - the level of bloat is ridiculous - but that's where a decent cache, with ad filters etc., can really make a huge difference. Even "large" CSS files tend to be relatively small (cf+ video) and are rarely downloaded (since they can be cached and apply to whole sites for months at a time), so I tend to excuse those ;)
The ongoing story about the education centre in the middle of Australia is a case in point. They have very limited network bandwidth, and poor latency. Having devices at both ends of their "connection" would allow them to filter out the ads and other garbage somewhere where there is good connectivity, and cache the resultant data in the building.
Those two measures maximise the usage of the limited connectivity, shared between many poeple, and even more sessions. The users are still able to go HTTPS when needed, but their experience over HTTP is better, so they'll use that by default for things that don't require the security.
Put everything HTTPS and you can't strip the ads/flash as easily, you can't cache it between users, you just have to eat the data which is shovelled at you, as your connection is overwhelmed.
Put HTTPS as an option by all means, those of us fortunate enough to have large gobs of bandwidth, no caps and limited numbers of users (i.e. reduced opportunity for caching) can then use it and fill up the central pipes with lots of "unreadable" data.
Enforce HTTPS where user data is being sent/recieved.
Leave HTTP as an option for those who need/want it (maybe even with an "HTTPS is available" banner)