My guess is a misunderstanding of how easy it is to get a credit card to make a payment. This hasn't gotten any easier, so there truly is no downside at this point, unless people automatically think a SSL means a site is trustworthy. I think that's just education, and is likely to come into public consciousness the longer secure sites are pushed as the default.