Did you know about 1% of the traffic on the internet is protected with SSL (see the Sandyvine Report)?
Or than many of the sites responsible for this traffic do not require SSL, they instead just make it available as an option?
This unfortunately this means users are exposed to risks that are otherwise would not be present.
There is a trend to move to protecting all site content with SSL, this effort has been dubbed Always On SSL; the OTA has just recently published a whitepaper on this topic that I had a chance to contribute to.