Chrome will soon begin marking sites without HTTPS as insecure. Safari already gave me a popup on login that TMD is insecure. While I don't really care about the possibility of someone sniffing my TMD password, these things could drive away new users.
Certificates may now be obtained for free using Let's Encrypt. The additional server load is negligible.