Secure authentication over plain HTTP.

A few days ago, I was sitting in a cafeteria of USC and browsing the internet on their public WiFi, when I needed to log on to some site. Unfortunately, as many sites do, this one did not use SSL by default, which meant that my username and password would be submitted in the clear. What is the reason for this gross lack of security? I imagine that many people can't afford an SSL certificate,