>it protects your users from hostile third-party content masquerading as yours
Exactly. What does anyone lose if my anonymous untrusted blog does something untrustworthy for that one reader who has an infected router?
Should I encrypt messages I write on post cards, because I'm afraid a disgruntled postal worker will write "you suck" on the bottom? The worst case scenario here is temporary vandalism.
The same argument applies to littering. It's only going to harm strangers, and you're unlikely to get caught, so strictly from a cost-benefit perspective it seems like a good idea. But if everyone makes that "rational" decision then we all lose.
The problem is that as a community we want to move to where no traffic is unencrypted so the MITM don't have to be trusted. If your static site wants an exception then your static site is going to be where I get hit.
Exactly. What does anyone lose if my anonymous untrusted blog does something untrustworthy for that one reader who has an infected router?
Should I encrypt messages I write on post cards, because I'm afraid a disgruntled postal worker will write "you suck" on the bottom? The worst case scenario here is temporary vandalism.