Originally Posted by bithub
Without HTTPS, users are vulnerable to MITM attacks. What if a malicious entity intercepted the user's request to your simple website? What if instead of returning your simple website to the user, they returned a malicous copy that attempted to install malware? What if it added a donation box that would send money to the attacker? What if it added a "log in via Facebook" link to the top of your page, but the credentials went to the attacker instead? Javascript is very powerful, and there are a lot of things a bad site can do to steal information or exploit vulnerabilities.