Unsecure connection

[DavidM]

While it's true that there's no technical reason that secure connections are needed, there is a definite effort underway to change the public's perception of the need for all http traffic to be handled in secure fashion.

Web browsers are being modified over time to make standard http connections more obvious (and scary looking) compared to https. Perhaps the biggest driver behind content provider's implementation of secure websites, though, is SEO/ranking. Google announced as early as 2014 that they were beginning to increase search rank "slightly" for secure sites, along with the intent to increase the advantage over time.

Let's Encrypt is free, but requires server-side support that may not be easy to implement for some hosting environments. If you can't go that route, a standard "PositiveSSL" certificate can be purchased at a low cost ($3.88/year at present from SSLs.com).

IMHO, it's not a matter of "if", but "when". We aren't yet at a point where this is a necessity, but that time is coming.