We're looking to find out what proportion of moodle sites are and aren't protected by secure login pages. We've traditionally done this when possible because it's the user's network password (where they're staff or students) sent via the login form.
Using HTTPS for this gives us problems internally as, due to our proxy monitoring secure traffic, a custom CA certificate has to be installed on the client device to access secure web pages. Which doesn't really work on mobile devices using our wireless network.