> And anyway, most websites don't need SSL. Anyone who tells you different is probably wearing an aluminum foil fashion accessory.
How about the fact that any HTTP page can be injected with arbitrary javascript by a MitM? Are you that confident about your browser's impermeability? Do you always use a VPN in public hotspots? etc.
Anything that's worth viewing, on an often attacked platform (browsers), is worth viewing securely.
Mitm is still pretty trivial to perform from hotspots, even for supposedly-https websites. There's a dozen ways I can inject traffic into your browser, whether on the initial connection to the site you want, or in one of the many non-https connections from 3rd party content loaded into practically every website on the internet. This isn't even taking into account the vast number of attacks on https clients and protocols.
Second, nobody is trying to inject traffic in your browser on a hotspot. Nobody. Nobody cares about your connection. There is no secret cabal of hackers sitting at every airport and starbucks waiting to steal your Facebook login. They don't give a shit. You are the tiniest small fry, and they have much easier ways of committing cybercrime that pay out much better and provide them better intel.
And yes, if I want to make sure i'm secure, I use a VPN. I assume all public browsing sessions are hijackable.
How about the fact that any HTTP page can be injected with arbitrary javascript by a MitM? Are you that confident about your browser's impermeability? Do you always use a VPN in public hotspots? etc.
Anything that's worth viewing, on an often attacked platform (browsers), is worth viewing securely.
edit: s/link/page/