And then it was later found out that, like I detailed in my edit, that that wasn't enough. Attackers could just modify the login page link on any unencrypted page and phish you that way. What I described is just one of many reasons the industry as a whole pushed to full-encryption.