They could inject malicious code or even just ads into those http assets and therefore compromise the https connection.
I also don't necessarily think that we need https for everything, but it's better to err on the safe side and if you're gonna start doing it, then you should do it properly.
This new https craze is like demanding seals of authenticity from posters on lamp posts.