Thanks for going deep into this, let me add though that it's not about an ideal world or bullying, HTTPS should be the default. Lets Encrypt managed that for us already, pretty soon it will be the default.