It's not about that guy's blog. This causes desensitization to non-HTTPS traffic and when people then actually visit non-HTTPS malicious blog, they get infected. If all "trusted" websites were HTTPS, then whenever there was untrusted access, people will notice it and raise alarm.