It's important and earth-shattering because...
Even these days, when everybody with some technical knowledge can see the vulnerabilities, large modern companies who really should know better are still opening their systems (i.e. us) up to casual hackers who don't need much technical ability.
We can argue the fact that Graham is getting some credit for something which a schoolkid with a laptop and an Internet connection could do after half an hour of googling, but that's not his fault; he's not clever, the website providers are stupid.
The 'big win' is for all providers of a service which should be private to run https:// instead of http:// from log in to log out. Then certificate security becomes the next vulnerability (don't use a PC that could have been compromised, never ignore certificate warnings, don't accept a new CA cert into your browser, etc.).
A wider question is 'Who should be responsible for security?' Yes, Gmail can be https:// from log in to log out, so why not make it the default? Yes, there will be a cost in performance, the providers will need to invest more, the user may notice a 10% hit, and there may be other browser warnings when mixing secure and non-secure content, but there's a difference between taking a choice away and people not understanding there's a risk if they don't use https://.
I personally can't believe that people will use public PCs to do secure things such as paying bills, but that's starting to get off topic.
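The comment above asks for HTTPS from log in to log out. What that means in practice for a defender is checking two things on a site's responses: the cookie that carries the session must be marked `Secure` (so the browser never sends it over plain http://, where it can be sniffed), and the site should send `Strict-Transport-Security` so browsers stay on HTTPS. The following is an added example, not code from the thread or from any product named in it; it audits a list of response headers (the `(name, value)` pairs shape, the `SESSION_HINTS` heuristic for spotting session cookies, and the sample headers are all assumptions constructed for the example).

```python
"""Audit HTTP response headers for the 'https from log in to log out' property.

Added example, not part of the original thread. Flags session-looking
cookies that lack Secure/HttpOnly and responses that lack an HSTS header.
Input is a list of (header-name, value) pairs; sample values are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str

# Heuristic (assumption): cookie names containing these fragments carry a session.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, object]]:
    """Split 'NAME=val; Path=/; Secure; HttpOnly' into (NAME, {attr: value}).

    Flag attributes (Secure, HttpOnly) map to True; valued attributes keep
    their string value. Attribute names are lower-cased for comparison.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        elif part:
            attrs[part.lower()] = True
    return name, attrs


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_headers(headers: List[Tuple[str, str]]) -> List[Finding]:
    """Return findings; an empty list means the headers pass this check."""
    findings: List[Finding] = []
    has_hsts = False
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "strict-transport-security":
            has_hsts = True
            if "max-age=0" in hvalue.replace(" ", "").lower():
                findings.append(Finding("high", "HSTS max-age=0 disables the policy"))
        elif lname == "set-cookie":
            name, attrs = parse_set_cookie(hvalue)
            if not looks_like_session_cookie(name):
                continue
            if "secure" not in attrs:
                findings.append(Finding(
                    "high", f"session cookie {name!r} lacks Secure; browsers will send it over http://"))
            if "httponly" not in attrs:
                findings.append(Finding(
                    "medium", f"session cookie {name!r} lacks HttpOnly; readable by page scripts"))
    if not has_hsts:
        findings.append(Finding(
            "medium", "no Strict-Transport-Security header; browsers may fall back to http://"))
    return findings


# Constructed samples: a site that logs in over HTTPS but leaves the session
# cookie sniffable on any later http:// request, and its hardened counterpart.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label)
        for finding in audit_headers(hdrs) or [Finding("ok", "no findings")]:
            print(f"  [{finding.severity}] {finding.message}")
```

Run it as a script to see the weak set produce one high and two medium findings while the hardened set produces none; to audit a live site, feed it the header pairs from whatever HTTP client you already use.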