The simple answer is it is just too costly in some environments to do so, and I'm not talking about SSL Certs, which are arguably pretty cheap.
With using HTTPS for everything, you need that much more processing power to encrypt and decrypt all traffic. That needed processing power has to come from somewhere, and that is going to be more hardware, which in turn says a lot more money is needed for security.
Sure, you can minimize the cost a bit by using SSL gateways, but those can get quite expensive as well, especially in larger web environments like Facebook, Twitter, etc.
Don't get me wrong here -- I would love to see every site using HTTPS (and some of the major ones do offer the option like Facebook), but the cost of implementing a solution like this can be prohibitively expensive.
Most of my users are developers. We use VMWare for a majority of our systems, including development environments. Most of my users have one or two laptops, however, they develop inside VMs with all their development tools installed. The question of thin or thick clients isn't really an issue for us, because it doesn't matter. As long as our developers can access their VMs via RDP or SSH, then they're good. Our support personnel are the same way. They can generate a client's entire environment through some of VMWare's solutions, and control it all from their laptop, desktop, or hell their phone if they really wanted to.
I guess my point is, is that for a development environment, what you use to access your virtualized development environment, the medium to access it (laptop, desktop, ipad, etc.) doesn't matter, just as long as you can access the VM and do your work on it.
This is an unauthorized cybernetic announcement.