Comment Easy. (Score 1) 665
Site certificates cost too much damn money and are too damn restrictive. I can't buy a certificate that will cover every conceivable iteration of my domain name unless buy an "unlimited subdomain" cert which is usually 2-3x more expensive than a single domain cert. And GOD HAVE MERCY ON YOUR SOUL if you actually have more than one domain name pointing to the same server...
Obviously you could just turn on https and redirect all traffic to it with a self-signed certificate, but when you do that every browser that visits your site starts screaming OH MY GOD I DON'T KNOW WHO SIGNED THIS EVIL HAXXX0R5 MIGHT BE STEALING YOUR IDENTITY AND SIPHONING YOUR BANK ACCOUNT AS WE SPEAK. This tends to degrade your average visitors confidence in the authenticity of your site.
I'm speaking from experience, since I had to go through this crap last October when Firesheep came out.
The good news is that 99.9% of all blogspam doesn't know how to handle https. Yet.