As someone who has used Flexible SSL, it's perfectly reasonable for some threat models. In our case, credit cards and passwords were both managed by external services and the actual data we stored was not sensitive. We really just needed to prevent account hijacking in cafes via Firesheep.