Maybe, if no login is needed or other personal data needs to be transfered, unencrypted http can still be used, but only for static pages.