“Everyone” knows that if you have people logging into your site, you should at least be considering providing pervasive HTTPS for your site, so your users don’t get pwned by Firesheep. Of course, some people don’t worry about their users getting impersonated, but… yeah.
But even if you’re just a brochureware site, it’s time you get the HTTPS religion. Because if you don’t, you leave your users open to ISPs like this, who want to modify the HTML you send to include their own ads and notifications, or this bunch who thought it might be a good idea to redirect users’ searches to their own revenue generating services.
When you’re forking out for the extra expense of HTTPSifying your site (it’s not huge, but it’s not likely to be free), thank all those people who have decided that their need to extract additional profit from the people who already pay them money for Internet service outweighs their responsibilities to provide the service they’ve been contracted to provide.