The man-in-the-middle attack potential other replies have mentioned is possible, but my reason is far simpler. Defaulting to https for everything removes the cognitive load of having to decide whether to trust a website and pushes users to believe everything should be secure by default. The environmental impact is, in my opinion, worth it.
The man-in-the-middle attack potential other replies have mentioned is possible, but my reason is far simpler. Defaulting to https for everything removes the cognitive load of having to decide whether to trust a website and pushes users to believe everything should be secure by default. The environmental impact is, in my opinion, worth it.