You don't need to be super paranoid to find SSL useful. No SSL means your login data is transmitted unecrypted, which means it's easy for anybody to read it, especially if you log in from a public wifi. If you're using the same username password combination on other sites you're in big trouble. So I agree, this should really be fixed. Edit: Even if you don't log in from public wifis it's easy on this site to steal the accounts from users you share the network with.
Agreed. The sheer volume of online password protected services the average user engages with practically demands re-use of passwords if they are to be memorable. Capture one site's credential and you've often captured at least a few more by proxy. I always appreciate SSL no matter how trivial the service using it may appear to be for this reason.
Thing is, it really is convenient. If you do not want to set that up, you can always have a password like ThisIsAPassword-Hubski for hubski, or ThisIsAPassword-Facebook, it is slightly safer, makes the password stronger, and it actually helps discover where a leak of passwords came from, as usually someone will dump the passwords on pastebin without a source, and passwords like that will help identify it.
It is slightly more secure than using the exact same password everywhere, as when one site is compromised, the password can be put in a wordlist for brute forcing or hash cracking. So instead of using ThisIsAPassword for every site, you have a slight variation but it is still extremely convenient to remember it.