Has paulgraham.com never had TLS or is it just more obvious now because of Chrome UI changes? I find the old-school style & minimalism helps focus on the content, but shouldn't he at least have a LetsEncrypt cert up there or something? Or is the argument that because the site has no interactivity, it's not a big deal?
It has a TLS certificate for the Yahoo Store domain if you browse to the https:// version, but I agree that PG should add something easy like Let's Encrypt or put it behind Cloudflare. It's been "modernized" with a mobile version already, so I think that HTTPS is a good next step. It can't hurt, at least.
