Encryption not just for
"if the vast majority can't be arsed to turn on http, why should Google turn it on by default."
I understand this to a point, but at the same time it isn't only ignorant users passing highly sensitive info that are getting hurt by the lack of automatic https. An equal problem I see are users who may use the services casually but get caught by phishing scams because they can't tell the difference between google's log-in (or that of another legit site) and a fake one. Even if no "sensitive" material is compromised in such a hack, it still exposes personal information -- passwords, for example -- that can be used malevolently. The only way to start protecting against this is encryption, and OBVIOUS encryption, like extended validation ssl w/the green url bar.
And I think a lot of business folks use gmail for personal mail but not pro mail, like I do, but there could be some overlap (I occasionally email stuff between the two mailboxes). Although I do use what https there is.