O_oHTTPS does not enhance privacy and reduce security risks in all cases
If you have a couple of hours to look around, you can easily prove to yourself that HTTPS alone isn't such a beast in any cases.
Many data breaches the last few years were managed thanks to fools sprinkling a little HTTPS over their infrastructure without a thought to apply the vast number of other industry standards for security.
A couple of ridiculously common examples:
$): Some places still have passwords limited to eight characters...
$): Using a very simple, pure increment, "session stay" in cookies...
$): Reusing user passwords for administrative roles...
$): Never updating the software stack to patch known exploits...
*shrug*
These days people seem to mix and match what security practices to follow when you need them all just to stay evenly matched.
Soma