And when sites like Tom's have lots of surrogate bits (advertising providers, statistics spies, backbone CRM hosted banners, etc) buried in their pages, how much does it matter if the site itself is served up with https?
I started using HTTPS Everywhere last night https://www.eff.org/https-everywhere I do not notice any slowdowns. I guess it's a good thing just like my anti virus and anti malware find nothing.
I guess this is a good idea and will make and serious sites consider using SSL by default. For most sites it seems like any sensitive areas use SSL (login screens, user profile, checkout process, etc) and plain HTTP for display regular content. For example, there should be no reason that this page needs to be secure.