I've never noticed that, I'm using the HTTPSEverywhere plugin, so it's always been HTTPS for me. I reckon since everything on the site is already public, there would be very little incentive to hijack somebody's session - the gain from it would be minimal unlike somebody that processes sensitive data.