When you have publicly accessible resources that must be available to all, but you can't guarantee that the accessing systems are configured correctly to use HTTPS.
There are plenty of scenarios in which this happens online:
* Legacy systems (e.g. Aminet)
* Software distribution (e.g. apt mirrors)
* Anything involving FTP where a HTTP mirror would be useful (e.g. overcoming FW restrictions)
* Anything where permissionless access is a requirement (HTTPS is a permissioned system)
Like, how does it happen, ever?
And what happens to your users' credentials if you do?