I made the switch just recently to making my personal site HTTPS only. It was surprisingly easy to do with nginx.<p>StartSSL gives free 1-year certificates - although each certificate is good for only one sub-domain and the root.<p>I do wish wildcard and multi-domain certificates weren't so expensive though - it would give me so much more flexibility.
HTTPS is certainly a better option than no HTTPS. But we shouldn't forget that its trust model is fundamentally and irrecoverably broken -- it has hundreds of single points of complete failure (to wit, DigiNotar and Comodo, who both silently and completely broke HTTPS for the entire internet, for a time).<p>So, for the short term -- HTTPS is the best we have. In the medium term, the security model of HTTPS (and by implication, SPDY) must die, and CAs along with it. DANE or Convergence seem like good replacements. Convergence certainly has the right trust model. DANE is perhaps easier to migrate to, but suffers from being built on DNSSEC's unacceptably shitty crypto infrastructure.
More people would use HTTPS if self-signed certificates weren't something that scared users into leaving and SSL certificates were cheaper. You can get one for around $10 a year, but that's still not free.