> Indeed; by the same "security" logic, why not get rid of HTTP too then? (Or SMTP, for that matter?)

I believe those will happen, in the long run.

The next HTTP spec includes mandatory SSL, and Google had a hand in designing QUIC, and Google has been deprecating traditional SMTP authorisation.