How often, when you log into a site that requires a username and password, to you check to see if the connection is secure? You probably don’t give it a second thought. Most people don’t. For many sites, like newspapers, online magazines, etc., it probably doesn’t matter much. Who cares if someone logs into a news site with your credentials? They’re not going to gain anything by doing so and there’s no identity or personal financial information at stake.
For any sites where you are accessing or entering sensitive identity or financial information such as bank account or credit card numbers or government program IDs such as Social Security numbers, State identification numbers or the like, you are seriously at risk of identity theft if you trust this information to a form that is served as “http://[URL].” It’s true that the Submit button may invoke transmission of the information using https:// (SSL), but there is no guarantee that this will happen, so you risk sending your information “in the clear.”
Best practice: change all of your bookmarks pointing to financial and other sensitive site login pages to read “https:// [URL of site].”