Not using HTTPS means that anybody can inject malware for visitors to your website.

There are no websites that don't need SSL.

Though browsers should really protect you against that already. ('Should', not 'would'.) Because SSL doesn't mean that there won't be malware on the site injected via some other means, ie by someone hijacking the server or by an otherwise malicious server.

Agreed on principle, but the “not secure” warning in the url bar is an annoyance I cannot stand.

Well the full-page insecure advanced continue with http is even worse. I (we) understand there's no real reason to need it, but if you're serving the general public (as isn't the case here) you absolutely need TLS whatever you're doing in 2024 IMO. Personally if I were blogging even for this audience I'd want to avoid that friction, but I think it's not like antirez doesn't know about it, I assumed it's a sort of protest.