This, 100%. They also plan to adopt Certificate Transparency, I believe. And it'll hopefully be trivial to set up, once the scripting is all finished.
No excuses, people. Give it a few years and we'll be seriously talking about turning http: off, or at least putting security warnings on it, denying cookies and scripting, etc.
