Well, I always like to point people to this incident as a great example of guns and rage really not mixing well: http://www.huffingtonpost.com/2013/09/19/michigan-concealed-carry-road-rage-two-dead_n_3956491.html
And it is still far, far more common than in any other western countries that do have strong gun control laws.
- Cleanly separate content and presentation.
- Provide easy-to-edit templates.
- Allows all of the content to be stored in a VCS.
- Generates entirely static content, so none of its code is in the TCB for the site.
The one thing that it doesn't provide is a comment system, but I'd be quite happy for that to be provided by a separate package if I need one. In particular, it means that even if the comment system is hacked, it won't have access to the source for the site so it's easy to restore.
The 'brought to you by' box on that site lists Mozilla, Akamai, Cisco, EFF, and IdenTrust. I don't see Google pushing it. They're not listed as a sponsor.
That said, it is pushing Certificate Transparency, which is something that is largely led by Ben Laurie at Google and is a very good idea (it aims to use a distributed Merkel Tree to let you track what certificates other people are seeing for a site and what certs are offered for a site, so that servers can tell if someone is issuing bad certs and clients can see if they're the only one getting a different cert).
It depends on your adversary model. Encryption without authentication is good protection against passive adversaries, no protection against active adversaries. If someone can get traffic logs, or sits on the same network as you and gets your packets broadcast, then encryption protects you. If they're in control of one of your routers and are willing to modify traffic, then it doesn't.
The thing that's changed recently is that the global passive adversary has been shown to really exist. Various intelligence agencies really are scooping up all traffic and scanning it. Even a self-signed cert makes this hard, because the overhead of sitting in the middle of every SSL negotiation and doing a separate negotiation with the client and server is huge, especially as you can't tell which clients are using certificate pinning and so will spot it.
It certainly seems to be true that courts in the UK have shied away from questions of whether any given level of consideration is sufficient, favouring a simple finding of whether there was any consideration or not. My intended point was more that while obvious nominal consideration explicitly written into a negotiated contract might reasonably be interpreted as a demonstration of intent to enter into a binding agreement, in this case I'm not sure how well that argument works. In other words, it's not just about whether 1p constitutes consideration, it's about whether that nominal consideration demonstrates an intent to commit to the deal. It would be interesting to hear what any actual lawyers thought about this argument, but sadly it doesn't look like we'll find out here.