I'll probably get downvoted but the answer to is it "totally necessary", the correct answer really should be no. In most situations it doesn't really matter. Even hotmail.com and other large sites have unencrypted sign in processes, some requiring you to click a link to goto the https page.
It really depends on what you're securing. HIPPA data, financial information yes totally necessary. Standard forum or other website, doesn't really matter.
Executing a man in the middle attack is also not a trival event, this is really more of a concern with hostile networks (like WIFI/school networks/etc) not the internet itself. It is mostly impossible to execute a live man in the middle attack on the web itself without compromising a root DNS server. Cross site scripting is much more of a real attack vector unlike man in the middle that only really has a purpose to try to execute against large banks.