To Adam's point, the major browsers are already flagging non-HTTPS sites as insecure. If you click the Password box at the top of SMC in Chrome, a "Not Secure" box shows up to the left of the URL in the address bar. In Firefox, clicking in either the User Name or Password box will bring up a tool tip-style message pointing out that the connection is not secure. IE hasn't yet jumped on this bandwagon, but they probably will as some point. I believe Google is taking or going to start taking HTTP vs. HTTPS into account for its site rankings as well.
While HTTPS is not fully secure, it is certainly more secure than HTTP. Passwords can easily be read when using HTTP, so that's a good reason to move to HTTPS right there.