I have had several frustrating exchanges with my local utility http://www.btes.net/ over their lack of https. How does one get a company like this to listen to sound advice?
I also wished voting with your money/feet helped, but probably not the case if not enough people care.
Fun story, I went to Iceland 2 years ago. When I did research for car rental, it seemed like car rental companies in Iceland are notorious for ripping you off/charging you for damage you didn't have etc. I spent hours reading reviews and came down to only 2 companies that didn't have such reviews out of dozens.
I was about to book with one of them, and only when I was all the way to the credit card step I realized they weren't on https. And I only found out because Chrome warned me -- I had just assumed everyone with credit card forms would be on https. So I stopped there and booked with the other company I found.
A day later they emailed me (I filled out my email info already when I stopped at payments), I guess they had drop off tracking. I told them the reason I didn't book was because they didn't have https. They said thanks and will have their web team look at it.
Last year (1 year after my trip) I checked their site out of curiosity. The payments form still didn't have https.
Strangely their billing, account login, and similar are via HTTPS. Only their sign up form remains insecure. This might sound odd but have you considered writing them a physical letter? Often these bypass their first line technical support and might be seen by someone who could act (or at least make them aware of the issue).