> Recollect how much trouble we get into because people > try to https only what matters, and http when it is safe > to do so, and usually get it wrong. furthermore, even if you get it right, it makes it a lot more obvious what the crackers should be trying to crack when not everything is encrypted by default?