How about sites that don't use HTTPS and still have some sensitive information that they secure by means of cookies.

Take for example www.egroups.com. You store sensitive information about yourself and the poeple in your group. Not to mention pictures, resumes, etc. Yet I don't remember having to go thru a HTTPS secured page to login or authenticate.

That kind of security is enough for me. What do you think.