Re: Why?
The point is that what one wishes to keep private differs from person to person. So while some stuff should obviously be secure as you mention and some other doesn't - it saves having a department (with all its protocols, mission aims, HR policies and coffee machines) to decide on the stuff in the middle and coming up with enough inconsistencies to keep the El Reg journos in beer for the next decade.
Oh and some stuff which doesn't have, say, user interaction now may in the future and going from http to https is not always simple. So build it secure in the first place or when there is a major revision.
Just sayin'
Biting the hand that feeds IT
