Does Your Website Really Need HTTPS? (markbrinker.com)
1 point by swayvil on Feb 14, 2024 | 5 comments


Because prospective customers get shy when the browser says that your site is "insecure"

Because it makes for better Google ranking.

Because everybody's doing it.

So there you go. Mob hype and Googlian dictatorship. That's why we https.


No, but Google forced it so ISPs couldn't inject ads and steal their ad business.


If ISPs could do it, couldn't some bad actor?


There are only 2 ways for some "bad actor" to do this sort of MITM (man in the middle).

1) Illegally tap into a node on the internet backbone. The only cases I've heard of where this has actually occurred involved either corrupt ISPs or governments in dictatorial or 3rd world countries. If government is involved, all bets are off.

2) Inject software inside your local computer or network. In which case, all bets are off once again. Once inside your network, these "bad actors" would presumably have full access to the SSL/TLS handshake process as well and thus be able to decrypt traffic as they see fit.

Bottom line: The case for HTTPS everywhere is weak and is mostly about perception created by 3rd parties (like Google) with a vested interest.


Not that I host super secret sauce, my sites do not enforce HTTPS nor automatically redirect, they allow HTTPS.

If it is just for me and that to-be-dictators can't sneak peek traffic, so it be.



