Our web developer recently told us that Google will rank/place and promote secure sites over regular http sites soon if they're not already doing so.
Once that is policy, if you're not https you will be penalized and your ratings will suffer. At that point, most legit sites will probably spent the $100-$300 for the SSL certificate.
Browsers have been clamping down on how they treat non-https websites, it is feasible that they will be treated to the same blocked page form that invalid certificate sites have seen for years. I had my employees stop servicing non-https clients and sites in late 2010, any clients that did not meet minimum TLS standards on public facing infrastructure were politely shown the door. In 2018 this is a great thing that these sites still exist - we use them regularly to inject malware attacks by piggybacking on the unsecured connection.