Thanks for the zap! To add: most companies use HTTPS for their websites. It requires a bit more set up involving certification (not sure the details of it).
Don’t know a good reason not to use HTTPS other than the extra bit of work. Maybe someone more technical can weigh in?
You're right.
I'll add some more info and use cases:
Normally, http is used by companies when hosting internal web pages/applications. Internal mean in a private LAN or VPN.
In the first case you may not need encryption as it's your LAN and you can trust it.
In the second case; the traffic is encrypted by the VPN and application layer (search for OSI model for more info on layers) does not need to do it.
Anyway, it's allways recommended to use https, the extra bit of work is not much compared with the sec it gives to you.
Hope make sense :)
