
HTTPS-only like this blackhats.net.au site comes at a cost too. If there's a browser/server SSL mismatch, the text becomes completely unavailable, whereas if it were an HTTP+HTTPS site I could simply visit the HTTP endpoint. Instead, to protect against hypothetical downgrade attacks, they've made their content inaccessible and effectively DoS themselves for a small fraction of visitors.


> small fraction of visitors

This site won't work on Windows 7 / Chrome 69 as it only supports TLS 1.3 [1]. I believe 5% of the web can't connect [2].

But the text on the site is for technically minded people, and the content includes commands you should run and security configuration. Tampering with the content could be quite harmful.

[1] https://www.ssllabs.com/ssltest/analyze.html?d=fy.blackhats....

[2] https://caniuse.com/?search=tls1.3
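An added example, not part of this thread or of the site it discusses: a Go program that pairs a TLS 1.3-only server with a client capped at TLS 1.2 over an in-memory pipe, reproducing the version mismatch the comment above describes (and, with other arguments, the successful cases). The self-signed certificate and the name "example.invalid" are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// Handshake runs one TLS handshake over an in-memory pipe between a server that accepts
// nothing older than serverMin and a client that offers nothing newer than clientMax.
// It returns the negotiated version, or 0 plus the client's error when they cannot agree.
func Handshake(serverMin, clientMax uint16) (uint16, error) {
	// Throwaway self-signed certificate for the demo server ("example.invalid" is a placeholder).
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example.invalid"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, err
	}
	roots := x509.NewCertPool() // the client trusts exactly this one certificate
	roots.AddCert(leaf)
	srvConn, cliConn := net.Pipe()
	defer func() { srvConn.Close(); cliConn.Close() }()
	srv := tls.Server(srvConn, &tls.Config{MinVersion: serverMin, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	cli := tls.Client(cliConn, &tls.Config{RootCAs: roots, ServerName: "example.invalid", MaxVersion: clientMax})
	go srv.Handshake() // the server side runs concurrently; its refusal surfaces as the client's error
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}
```

Calling Handshake(tls.VersionTLS13, tls.VersionTLS12) returns the "protocol version not supported" alert the older browsers in the comment would see; Handshake(tls.VersionTLS12, tls.VersionTLS12) shows the same client succeeding against a server that still allows TLS 1.2.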


Tampering with the contents is quite unlikely. And anyone visiting a security site as a technically minded person probably has JavaScript disabled initially.

Requiring HTTPS only for this is like requiring people to wear bulletproof vests to visit your backyard BBQ. There is no doubt they are "safer". But it's also pretty silly.


> Tampering with the contents is quite unlikely

No, it was shockingly common for ISPs and public WiFi to modify sites. And many did inject malicious scripts or redirect users to malicious sites in order to monetize.
