
I get your point but you're kind of blowing it out of proportion. A lot of people like myself host really mundane content and that concern is really the last thing on the minds of those types of site owners and their users. You want HTTPS when it's critical that no one manipulate the request and response, but for most of us it's not worth the expense and effort. You want SSL on WebMD, Healthcare.gov, your bank website, and those political sites you read when no one is around, but if some extra tracking gets inserted into the response body of our favorite cat picture site then I think only you and I will notice or care.

SSL everywhere isn't yet practical only due to the expense. It's not that much more effort to secure a site but when you run 10 sites then you're spending $100 a year for those domains. The expense of an SSL certificate each on top of that makes it impractical for solo "webmasters" to secure all their sites. We all know why we should use HTTPS and we do it when it makes sense but it's just not practical 100% of the time yet. Like others have said, this will make more sense once the EFF initiative starts being adopted and getting a free certificate is as easy as apt-get secure-me-please.




Ok sure, your blog has mundane content. But you might use the same login for your blog as you do for your online banking (with minor changes to the password to make it more "secure", like adding a kid's birth year, which people often do). Say you happen to log in at a coffee shop; anyone sniffing your Wi-Fi can now pick up your login because your traffic wasn't encrypted.

Most people wouldn't be comfortable with a stranger looking over their shoulder while they logged in. This is the same thing, only you don't think about it.

These things are ALL rare, but why would you want to expose yourself to this?

SSL everywhere is also about improving security for those who don't realize that they might be engaging in behaviors that compromise their own security.


> But you might use the same login for your blog as you do for your online banking

That is a completely different problem that using https won't solve. It's like building a ship with a hole at the bottom and having a high throughput water pump.


Yes it will, because passive listeners on the network won't be able to catch your password. Only your blog and your online banking will be able to get it, as is intended.

Also note that as tech-savvy people, we have more responsibility in ensuring our users are safe, even from themselves. Sure, the better thing to do would be to educate everyone so they don't reuse passwords. But it will take time, and using HTTPS in the meantime decreases the chance for them to be pwned.


Think of SSL like vaccination. It provides necessary immunity for those rare cases where something bad would happen.



