I've worked on this kind of device. You can rarely use them directly anyway, you need some kind of reverse-proxy/caching to use them otherwise they will crash if to many people are connecting on it directly. Anyway, these kind of device are rarely connected to the outside world so on the worst case, HTTP is still not a problem on an internal network.
I work with them every day, and the point of having HTTP server is not to allow many people to connect to them but one person, or script to do it once in a blue moon without a need to install any software. If HTTP is removed from browsers, this will simply not be possible anymore
Look, you are clearly a minority (developer who works with HTTP-enabled limited RAM devices). Why should we hold back the progress of the web to cater to your very specific use case? Why should my grandmother be subjected to phishing attacks and injected ads because your situation would be slightly inconvenienced by dropping plain HTTP from popular browsers?
Also, you are a developer. I am sure we can figure out some way for developers to re-enable plain HTTP in some hidden settings. That way people like you and me can continue to do what we do, while the rest of the web users are enjoying the benefits of being more secure by default.
Nobody is asking your embedded systems to support unnecessary functionality. At worst, you are going to have to one time go to about:config and change enable_plain_http from 0 to 1. Then for you life goes on as before. Is that too much to ask for much greater security for everyone involved?
Just like I can disable javascript? Oh wait, I can't!
Does having ftp support in firefox affect anyone's security? Getting rid of HTTP will in best case make people think that they are more secured, that's all. Most of the malware that is active today propagates not because HTTP is unsecure, but because we made the web an Advertisement Delivery System. Malware now attacks browsers, through Flash, Javascript and Java.. first fix this before you start working on getting rid of an established protocol.
Once again, telnet was an established protocol, yet we got rid of it. I am sure people presented passionate arguments in favor of keeping telnet forever, saying that there are other threats on the Internet.
Getting rid of HTTP will make people more secure. It will ensure that basically all sites people visit will be protected by a trusted cert.
Note that nobody is talking about installable malware here. We are talking about protecting the web. For example, if your connection to news.ycombinator.com is protected by HTTPS, this makes it that much more difficult for the NSA to spy on you, or for me to insert a goatse into the content while you are at work, and I am sitting in the next office over form you.
> Once again, telnet was an established protocol, yet we got rid of it.
No we didn't. Telnet is still pervasive as a communications protocol, partly because of its simplicity and partly because of its momentum. This is particularly true in the realm of embedded devices; even rather-modern enterprise-grade HP printers (for example) open up a Telnet port for terminal-driven configuration by default.