"Sometimes that matters. Other times it really doesn't: who cares if it was some anonymous MITM who inserted your comment?"
What if the comment was actually malware? Chinese Cannon inserted malware in unencrypted pages, what's to stop anyone else, and it need not be JavaScript, it could be something that could pass through even NoScript, for all we know.