
I disagree. The primary threat model for unencrypted HTTP connections is a MITM attack. A middle box (a proxy or router) modifies the response payload to inject malicious content or modify the content. For an ordinary blog or personal website an attacker can gain compute, violate privacy, or acquire a (minor) DDOS source on the blog's users by injecting a script.

Another type of attack would modify the content of the site to suit the attacker's purpose - either to hurt the author and/or their message. Consider the damage an attacker can do if they injected CSAM onto a person's blog. The victim's life would be ruined long before the wheels of justice turned (if they turn at all). The one mitigating factor is that you'd need to have reliable control over a relatively stable middle box to execute this attack, but that's quite feasible. Last but not least, don't underestimate the way software grows. Sooner or later someone is going to implement HTTP basic authentication over plain HTTP and, needless to say, that's a bad idea.

Look, I don't like it either. I remember when you could telnet into a server and interact with it. That was good for pedagogy and building a mental model of the protocol. But we have to deal with how things are, not how we want them to be.



openssl s_client -connect host:port



