Reply to post: Re: I'd consider "broken HTTPS" far more insecure than HTTP

Chrome devs hatch plan to mark all HTTP traffic insecure

Paul Crawford Silver badge
FAIL

Re: I'd consider "broken HTTPS" far more insecure than HTTP

Before worrying about sites that use HTTP for non-important data (OK, you may disagree with that) the world+dog needs to fix the massive hole that is SSL certificate issuing.

As it stands, you only need one signing agency to be compromised and-or paid-off/and-or politically pressured to get a cert for any site in the world. So of the 600+ (?) issuers, only 1 in 600+ need be knobbled to fail; that has to change. We need a system where any dodgy certificate is found out immediately by cross-checking with several brokers, and not accepted because one in that huge parallel chain failed.
