All government adverts in Australia publish the website name with no "https://" (TV, newspaper, mailouts, etc) - for example - "census.abs.gov.au" and "aec.gov.au" - both of which collect sensitive PII. Literally millions of people access these sites using free wifi etc, thus affording them no protection whatsoever regardless of the cipher strength, since MitM attacker can strip all TLS at will.
I recommend that all websites using no downgrade protection at all (e.g. HSTS, HPKP) should have their ratings capped *below* an "A" - so those operators have the necessary incentive to *actually* protect their users.
Granting them a pretty green "A" basically means that they terminate their concentration on improving security at that point, because they've got the "A" that their manager expects.
An "A" should not be so misleading - it should convey at least "best practice", and omitting downgrade protection is not it.