This is completely untrue. If HTTP is enough for Debian packages it's enough for my blog. It's a myth that HTTPS is the only way for the Web to be secure; there are many ways to encrypt and verify data. Google it just trying to consolidate its power over the Internet by making us rely on centralized certificate authorities.