Re: why, why, why... what is the point?
"Why the hell does any of that need to be secure?"
It's WAY TOO EASY for someone in the chain to perform a Man-In-The-Middle attack on you, and before you say the information you serve isn't important, that wouldn't matter if it's the CONNECTION they want to hijack (which they would for something like a malware injection).
Then think about ISPs like Verizon that (whether you want them to or not) inject unique session cookies into all your web traffic that ad agencies can use to identify you. You'd have to think the practice will eventually become universal, leaving the only alternative to bail out of the 'Net altogether.
Put it this way. Do you leave your doors unlocked? That's what the HTTPS Everywhere approach represents.