Switching over to HTTPS in and of itself shouldn't stop much data leakage given that the hostname - at least at current - isn't difficult to obtain (and really gives the game away for the content you're visiting as far as my site is concerned), but I suppose it's a step in the right direction and will stop primitive tracking attempts.
Protecting against code injection is actually a fair point though.
Protecting against code injection is actually a fair point though.