Comment 2 for bug 1490346

Tom Delmas (tdelmas) wrote :

It is not useless:

http://www.scmagazineuk.com/rogue-tor-exit-node-injects-malware-into-downloaded-binaries/article/379404/

That example is for Tor, but it can happen anywhere, even on your home network if someone stole your wifi key.

I'm aware that you can't add a certificate to http://homebank.free.fr, and that it could cost time and money. You can say you don't want the burden to do it and maintain it. I can understand that, but you can't say it's useless.

Furthermore, in some countries ISPs do modify http websites to inject advertisements or "supercookies".

And, about the post of 2012: http://security.stackexchange.com/questions/18853/why-arent-application-downloads-routinely-done-over-https I think you didn't read the answer (in quotes, the arguments of the post):

"HTTPS requires more resources on the server" => Not relevant anymore
"HTTPS uses more bandwidth" => Not relevant anymore
"HTTPS is overkill" => the post says it provides authenticity AND confidentiality, and complains that confidentiality was too much
"HTTPS wouldn't help many people" => complains about non-security-conscious users and rogue CAs. But without https, security-conscious users can't do anything. For rogue CAs, now you have CT, PKP/HPKP, DANE/TLSA, ...
"HTTPS doesn't even fully solve the problem" => Talks about mirrors, not the main website

And the conclusion of that post was "If you want to make sure that you're getting the genuine application, check its signature, or check its hash against a reference value that you obtain with a signature (for example over HTTPS)."
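The conclusion quoted above, checking a download's hash against a reference value obtained over HTTPS or under a signature, in working form. This is an added example, not code from this bug report, from HomeBank or from the linked post. The file name, the SHA256SUMS text and the two "downloaded" installer blobs are constructed inline so it runs offline; in real use the SHA256SUMS file is what you fetch over HTTPS (or verify the detached signature of), while the binary itself may come from any mirror or plain-http URL.

```python
"""Verify a downloaded binary against a SHA-256 reference obtained out of band.

Added example; the reference file and both installer blobs are constructed
stand-ins, and the file name is hypothetical.
"""
import hashlib
import hmac
from typing import Dict

# Constructed stand-in for the genuine installer bytes served over plain http.
GENUINE_INSTALLER = b"\x7fELF" + b"homebank genuine installer payload\n" * 64
# The same download after an on-path attacker (rogue exit node, ISP, someone on
# the wifi) appended a stub to it in transit.
TAMPERED_INSTALLER = GENUINE_INSTALLER + b"\x90\x90injected-stub\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed SHA256SUMS in the coreutils format "<hex>  <filename>", as it would
# be published on the project's HTTPS page or shipped with a release signature.
REFERENCE_SHA256SUMS = (
    "# release checksums (constructed for this example)\n"
    f"{sha256_hex(GENUINE_INSTALLER)}  homebank-setup.exe\n"
    "0000000000000000000000000000000000000000000000000000000000000000  other-file.tar.gz\n"
)


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse coreutils-style SHA256SUMS into {filename: lowercase hex digest}.

    Accepts '<64 hex>  <name>' and the binary-mode form '<64 hex> *<name>'.
    Blank and '#' lines are skipped; anything else raises, because a truncated
    or garbled reference file must fail closed rather than verify nothing.
    """
    sums: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep:
            digest, sep, name = line.partition(" *")
        digest = digest.lower()
        if (len(digest) != 64
                or any(c not in "0123456789abcdef" for c in digest)
                or not name):
            raise ValueError(f"SHA256SUMS line {lineno} is malformed: {raw!r}")
        sums[name] = digest
    return sums


def verify_download(data: bytes, filename: str, sha256sums_text: str) -> bool:
    """True only if data's SHA-256 matches the reference digest for filename.

    The reference text is the trust anchor: it must arrive over HTTPS or under a
    signature you verified. If it comes over the same plain-http channel as the
    binary, the attacker who rewrote the binary rewrites the checksum too.
    """
    reference = parse_sha256sums(sha256sums_text)
    expected = reference.get(filename)
    if expected is None:
        # No reference entry: refuse rather than pass by default.
        return False
    actual = sha256_hex(data)
    # Constant-time compare; not required for a public digest, but it is the
    # habit worth keeping for any comparison involving a MAC or secret.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    name = "homebank-setup.exe"
    print("genuine :", verify_download(GENUINE_INSTALLER, name, REFERENCE_SHA256SUMS))
    print("tampered:", verify_download(TAMPERED_INSTALLER, name, REFERENCE_SHA256SUMS))
    print("unknown :", verify_download(GENUINE_INSTALLER, "nope.exe", REFERENCE_SHA256SUMS))
```

The point the script makes is the one in the quoted conclusion: the hash check is only as good as the channel the reference value came over, so `REFERENCE_SHA256SUMS` stands for something fetched over HTTPS or signed, never for a checksum line scraped from the same http page as the binary.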