Faced with a choice of obtaining a TLS certificate or just going for the old HTTP/1.x protocol, it'd be a hard sell for HTTP/2 for any one-off, quick hack experiment/microsite/internal APIs...
The problem is browsers are mostly lousy at giving a good user experience with self-signed certificates. 99% of the time, self-signed doesn't matter except if the certificate changes unexpectedly - i.e. the service just isn't that important.
The 1% of sites it does matter for are things like banks and the like, where you need to hammer into users heads that certificates should be valid via other means.
Of course, it's casually accepted that it's a-ok for companies to MitM their employees encrypted connections anyway, so I don't really know where that leaves us.
