(...the bad practice is not designing and budgeting for full HTTPS support in the first place. Make an analogy to physical security, similar to this one by EFF)
(Contra: All information is potentially sensitive (i.e., deanonymizing), therefore everyone has something to hide: that is, HTTPS is valuable even without user accounts or PII ... explain how/why)
(something about IE/XP no longer officially being a problem since April 2014, but Android 2.x devices are still in use)
(some people may worry about the energy efficiency of computation)
WIP wording: If "not supporting HTTPS" is the main point of your energy-saving strategy, you very likely have bigger problems.
(manual labor involved every year to renew and install certificates)
To ease some of the server load, a server operator can put it behind a caching proxy CDN such as CloudFlare or Amazon CloudFront. Such a CDN makes a single HTTPS request to the origin server and then reuses the data to handle incoming requests from clients.
(but what about caching proxies near the client?)
("Who needs a heart when a heart can be broken" ...so why is it worthwhile? mention appropriate points from sections above)
Q: "All this advice seems fine for new websites. However, a lot of owners of existing websites wouldn't be happy..."
A: ... (TODO: mention appropriate items from above)