There are millions of sites that are not encrypted. It is, after all, an additional expense and quite a painful process to implement security certificates on a website and unless you’re Paypal, Amazon or whatever you might not think it worth it. But, having an https:// address as opposed to an http:// not only makes a small difference to search engine optimisation (SEO) and gives a site a little nudge upwards in the Google search engine results pages (SERPs), but also ensures to some degree that your visitors’ privacy is protected to some extent when they interact with your site, whether commenting on a blog post or buying something from your online shop.
But, like I say, web hosts charge for their SSL (secure socket layer) setup that gives you the security s in your web address and it’s a big faff to set up if you are are small website on shared hosting and don’t have full access to your server. Your tumblr, twitter, facebook, youtube, googlemail and wordpress.com blog and many others are SSL protected by default these days, perhaps it is time the web hosts for the millions of small sites out there stepped up to the mark and enabled free SSL across the board for all the sites they host. It would make the web a much safer place.
Maybe some web hosts already offer free SSL, it looks like one or two did back in 2012, but it’s usually a paid service. They should offer the basics for small sites for free and scale it per the usual freemium model.