Sniffing credentials demands already local access to the network, and is less likely to be a threat(but still there, of course) since most network equipment is switches nowadays and not hubs.
Sniffing credential could of course also be achieved outside local network by setting up an public proxy server and let people to use that for "hiding their IP". Quite successful if you listen on this; https://www.youtube.com/watch?v=xDslqMCaLZM
What I wanted to point out, is that you doesn't get more secure from "bad guys" attacking your devices by forcing HTTPS/SSL, if you want to be secure from "bad guys" - keep the stuff of Internet. And if you still need to have stuff online, use HTTPS/SSL (with no public proxy) and go away from common known/used ports (I.e. 80,443,8080,8443), that will give yourself less detectable from "bad guys and/or bad worms".
I surely like HTTPS/SSL and always trying use that along non well known ports on my own devices.
Well, whatever, quite boring thread now...