Static sites without forms, uploads, or sign ins, do not have any security benefit.
First, lots of things are sensitive. Would you want someone in the coffee shop watching you browse the NIH website for sexually transmitted diseases? It would be hideously expensive for each government agency to classify each and every URL as "OK for snooping" or "visitors probably want privacy", certainly several orders of magnitude harder and costlier than just saying that everything is sensitive and treating it accordingly.
Second, what's you're requirement for not having the security benefit? Given that certs are about $10 a year and require negligible resources, what is your compelling reason for not having encryption by default?
Third, there's a real and enormous benefit to having everything encrypted. If encryption is only applied to critical things, then the presence of encryption is a red flag that something is critical. When it's the normal, boring default mode and everything is encrypted, its presence is no longer an indicator that something sensitive is taking place.