When a website is using simple HTTP, whatever text or data you exchange with them, including your login details, are sent over the network as plain text. It's easy to intercept your details, and it's very insecure.
By using HTTPS, the connection between you and the website is encrypted, making it much more secure. All websites that take payments, and most major websites in general, use HTTPS, or criminals would have a field day.
There is a major push worldwide to make websites use HTTPS by default, particularly if they use logins. Both
Google and
Mozilla plan to 'deprecate' insecure HTTP. The next update to Firefox is leading the charge, and will start showing visible warnings on sites that login with HTTP. The major browsers plan to increase these measures to make hard to login to a website insecurely.