(no title)

A malicious actor hijacking plain HTTP connections does not necessarily have to inject code that harms the user's computer directly. He/she could also just alter bits and pieces of the served content to trick the user into doing something not in his/her interest.

So while having better browser sandboxing and protection is good (and welcome), HTTPS is still necessary.