The NSA and other state actors can use non-secure pages to inject code to exploit the browser and compromise your visitors.

http://en.wikipedia.org/wiki/FOXACID#QUANTUM_attacks

State actors are probably irrelevant in this discussion; few of them won't be able to get a certificate to any website they want, in my opinion.

This is a known issue and being addressed as well.

http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11

http://dev.chromium.org/sts

That 100% static site can be monitored. Which pages you visit on it and what that says about you.

Privacy is always valuable.

A lot of work routers might flag that site url as "GAMING" and with too much use could potentially contribute to someone losing their job.

Also some isps have been caught injecting ads into plain text web sites [1]. Do you want more ads on your site that you didn't put there?

[1] http://zmhenkel.blogspot.com/2013/03/isp-advertisement-injec...

Switching over to HTTPS in and of itself shouldn't stop much data leakage given that the hostname - at least at current - isn't difficult to obtain (and really gives the game away for the content you're visiting as far as my site is concerned), but I suppose it's a step in the right direction and will stop primitive tracking attempts.

Protecting against code injection is actually a fair point though.

Sure they would benefit. They could check whatever is on your site without anyone in between noticing (WLAN e.g. at starbucks, corporate LANs and the proxies used etc etc). There are companies out there, who buy surf-habits (read: browsing logs of URLs visited) and mine it for valuable data.

Encrypt.

You're seeing HTTPS as a move from HTTP with a burden.

Let's see it the other way: any sane webserver allows you to easily activate TLS, and generating a certificate is both free and easy. What's the point of going back to HTTP at this point ?

Static sites can have their content modified silently in a MITM attack as well.