I get your point but you're kind of blowing it out of proportion. A lot of people like myself host really mundane content and that concern is really the last thing on the minds of those types of site owners and their users. You want HTTPS when it's critical that no one manipulate the request and response but for most of us it's not worth the expense and effort. You want SSL on WebMD, Healthcare.gov, your bank website, and those political sites you read when no one is around but if some extra tracking get inserted into the response body of our favorite cat picture site then I think only you and I will notice or care.

SSL everywhere isn't yet practical only due to the expense. It's not that much more effort to secure a site but when you run 10 sites then you're spending $100 a year for those domains. The expense of an SSL certificate each on top of that makes it impractical for solo "webmasters" to secure all their sites. We all know why we should use HTTPS and we do it when it makes sense but it's just not practical 100% of the time yet. Like others have said, this will make more sense once the EFF initiative starts being adopted and getting a free certificate is as easy as apt-get secure-me-please.

Ok sure, your blog has mundane content. But you might use a the same login for your blog as you do for your online banking (with minor changes to the password to make it more "secure", like adding a kid's birth year which people often do). Say you happen to login at a coffee shop, anyone sniffing your WIFI can now pick up your login because your traffic wasn't encrypted.

Most people wouldn't be comfortable with a stranger looking over your shoulder while they logged in. This is the same thing, only you don't think about it.

These things are ALL rare, but why would you want to expose yourself to this?

SSL everywhere is also about improving security for those who don't realize that they might be engaging in behaviors that compromise their own security.

> But you might use a the same login for your blog as you do for your online banking

That is a completely different problem that using https won't solve. It's like building a ship with a hole at the bottom and having a high throughput water pump.

Yes it will, because passive listeners on the network won't be able to catch your password. Only your blog and your online banking will be able to get it, as is intended.

Also note that as tech-savvy people, we have more responsibility in ensuring our users are safe, even from themselves. Sure, the better thing to do would be to educate everyone so they don't reuse passwords. But it will take time, and using HTTPS in the meantime decreases the chance for them to be pwned.

Think of SSL like vaccination. It provides necessary immunity for those rare cases where something bad would happen.

If your site has auto-playing sound, would you be opposed to chrome adding the speaker indicator on the tab to alert users that your tab is causing the sound?

A speaker icon isn't making a judgement as to whether that sound is good or bad. Turning no-ssl into a warning is like having the browser judge you for being poor or cheap or incompetent. Not having HTTPS does not mean that you are insecure, it means the site isn't encrypted. There's a difference. Whether the lack of SSL makes you vulnerable to shenanigans depends on a lot of factors having nothing to do with SSL encryption and everything to do with the site content and what one may gain from snooping on your request or manipulating the response. Sometimes there's nothing to gain there.

Some sites are in theory fine without encryption or an alert. Others are definitely not. The problem is that the browser (software) can't possibly know the difference, especially because the sites that "should" be encrypted is a matter of circumstance and varies from user to user. Some might say that the user should know the difference, but I think we can reasonably call that a huge cop-out.

So in order to show an alert whenever sites that should be encrypted aren't, you just have to show an alert all the time. The SSL everywhere movement and Let's Encrypt are about making encryption easy enough for sites like yours that it's practical to do that.

Basically, your site being encrypted, even if it doesn't specifically need to be, helps to improve security of the web as a whole.

At least the browser knows the font choice is yours. The issue here is not with the content of your blog itself, but making sure it's integrity is preserved. Unless you use HTTPS, you don't know what content is sent to the browser, and you don't know who received it.