Yes, everything does need to be HTTPS. If not for user privacy then for response integrity - to be sure the response hasn't been MITMed.
You might think most sites are innocuous, but it depends on where you live. I could see this site getting classified as "hacking/encryption-related" by something like SonicWall's firewall (HN too). What if your government tasks your ISP to round up all those trying to bypass state firewalls? Heck, I live in a western country where our government is misguidedly angling to ban encryption. For the minimal effort involved, I believe all sites should be HTTPS.
Privacy is beneficial in itself, but also:
> protecting less sensitive sites strengthens the protections of more sensitive sites
Any site that can be MITMed is a site that can be used to gather personal information and escalate from there. Especially seeing as most people reuse passwords like crazy.
The same reason the pharmacy puts your order into a brown paper bag even though you only bought some cough drops: That it provides cover for the next customer, who's buying hemorrhoid cream or whatever. If you only encrypt the sensitive stuff then encryption flags your stuff as sensitive.