Let's think of the idiocy of Slashdot not using SSL on their pages. It's now known that British intelligence services carried out MITM attacks of this popular tech watering hole to attack targets of interest. Given Slashdot knows this has happened and still, no SSL. Sure, they are not processing payment transactions onsite, but they can serve as a MITM puppet and don't seem concerned about this, surely because it might impinge on Dice's ad revenue.
This is why all my blogs/sites are on SSL (or being converted in 1 case). Do you think people really check those md5sum's on the downloads from your OSS project page/blog? Make that unnecessary and use SSL. BTW, my CloudFront charges only went up 5% (i.e. a few bucks) and all my certs cost $2/ea because I stocked up at a sale. It's not a matter of money for most admins.
This is why all my blogs/sites are on SSL (or being converted in 1 case). Do you think people really check those md5sum's on the downloads from your OSS project page/blog? Make that unnecessary and use SSL. BTW, my CloudFront charges only went up 5% (i.e. a few bucks) and all my certs cost $2/ea because I stocked up at a sale. It's not a matter of money for most admins.
The question is not "Why SSL" by "Why not?"