People can use HTTPS now instead of HTTP, without degrading usability. This has taken a lot of people a lot of work, but everyone gets to enjoy better security. No need to lock and unlock every REST call as if it were a bicycle.
Also, a hacker will replace the broken glass within milliseconds, and you won't find out it was ever broken.
You're ignoring that HTTPS took decades to be default thanks to massive work of a lot of security engineers who UNDERSTOOD that work and process around certificates was too onerous and hard for users. It took them literally decades of work to get HTTPS cert issuance to such a low cost process that everyone does it.
It *really* cannot be understated how much important work that was.
Meanwhile, other security zealots were just happy to scream at users for not sending 20 forms and thousands of dollars to cert authorities.
Usability matters - and the author of this original rant seems to be one of those security people who don't understand why the systems they're guarding are useful, used and how are they used. That's the core security cancer still in the wild - security experts not understanding just how transparent the security has to be and that it's sometimes ok to have a less secure system if that means users won't do something worse.
People can use HTTPS now instead of HTTP, without degrading usability. This has taken a lot of people a lot of work, but everyone gets to enjoy better security. No need to lock and unlock every REST call as if it were a bicycle.
Also, a hacker will replace the broken glass within milliseconds, and you won't find out it was ever broken.