I'm not sure which well-trodden path you're talking about.. the only significant change in "the internet" in the 80s and 90s was the introduction and popularization of the web, the latter of which really only gained ground when it became available out of the box with Win95. Sure there was AOL and Compuserv and whatnot but those weren't taken over by geeknet 0.1, they were taken over by easy access to Internet Explorer.
And yes, "we" as geeks should and mostly do know better.. that's why things like TOR exist in the first place. But while geeks accounted for 90+% of the internet population back in 1991, the opposite is true now. If you're content limiting yourself to whatever content is available through TOR, whatever games and business software are available through Linux, etc, then power to you. I applaud your ability to stick to your ideals!
But here in the real world where the rest of us live, there exist motivations beyond "will this ban me from the True (or Real?) Geek club"?
You're absolutely correct about me though. I am not a True Geek, a Real Geek, nor even a Scotsman. I used to be one of the former (or at least much closer to it) to back when I had more free time and less life experience. Things change. Priorities change.
Should people practice computer safety? Absolutely. Web admins in particular should turn on https by default since there's no reason not to unless you're intentionally being shady.
Should people practice computer safety to the exclusion of their ability to do their jobs, websites they like that don't have https support or whatever else they do? Can't say I agree with that, even for geeks. Its just so incredibly beyond overkill that its not even funny.
I'm not saying we shouldn't aim for end-to-end security, and I'm definitely not saying that geeks won't be the ones trying to pave the way. I AM saying that until there's a significant content saturation under whatever solution they come up with, that its unrealistic for most people -- even geeks -- to completely shut out the existing systems.
Oh and just to be really pedantic, since the article is about injection attacks, there's absolutely nothing stopping the injections from being done directly at Youtube -- except Google's objections -- so https is at best only reducing the problem, not eliminating it. The only way to be 100% secure online is to unplug your internet connection and never plug it in again. But that kind of defeats the purpose.