Yes. And I remember sniffing Facebook traffic in clear text in 2011. The fact remains that it was considered a significant engineering problem for them to deploy it. It was a "best practice" that most people rolled their eyes at.

Most users and system owners didn't care unless money was being transacted.

Between Snowden and ISPs injecting content into pages, the consensus changed.