The biggest practical issue that I have with the author's advice is that most people just want to type domain.tld into a web browser. This will guarantee that most people will get the http version of the website which is not ideal. You'll get a large number of, you should add security to your site messages. Also, Many firewalls (looking at you fortinet) block http by default and only allow https through. So in addition to the why doesn't your site have security, you'd also get, why is your site down/blocked?
"Starting in version 90, Chrome’s address bar will use https:// by default, improving privacy and even loading speed for users visiting websites that support HTTPS. Chrome users who navigate to websites by manually typing a URL often don’t include “http://xn--ivg or “https://xn--ivg. For example, users often type “example.com” instead of “https://example.xn--com-9o0a in the address bar. In this case, if it was a user’s first visit to a website, Chrome would previously choose http:// as the default protocol1."
