Have we reached the point where plain http seeks not welcoming. If the site above doesn't require you to login why do you think you need https? Is the only reason to hide your visit to that site from your isp?

Umm, the site in question is a big button to download something to run on your computer. You don’t think it would be bad if someone hijacked that and had people downloading malicious software?

You seem to misunderstand https... for one, it doesn’t hide your visit to that site from your ISP; they know the IP address you visited, and due to SNI, they will even know the domain. The point is to make sure you are connecting to the site you think you are connecting to.

The idea of https to have a secure communication channel where you can verify that the other party is who they say they are. Each https domain needs a certificate that is bound to the domain. It is a good way to prevent malware to be installed on your machine.

A website only needs to require you to login if they want to make sure that you are who you are and/or to prevent others from accessing information that you have shared with that website.

HTTPS can be used to verify that the host is actually the host we think they are. This is especially useful when we're downloading executables/scripts.

A plain HTTP site which is merely informative is perfectly reasonable.

short answer is - yes, we've reached that point. https by default is a reasonable default, in part because cpu and latency costs of https are basically zero for most implementations. And the implementations where it's not zero can afford the cost.

Given the almost-no-cost of the choice, why default to the less-secure alternative?