Without SSL, users' data is transmitted over the wire unencrypted. Is that an acceptable risk?
Everyone here is using a discussion forum that does not use SSL (and SE is not unique in this regard; e.g., reddit doesn't use SSL)1.2017 EDIT: stackexchange and reddit now both use SSL unlike when this answer was written in 2013
A network eavesdropper between my computer and stackexchange's servers (e.g., other users of the same wifi access point, or at my ISP, or network administrators at my work) could steal my authentication cookies or alter my messages and get full access to my stackexchange account. I'd rather that not happen, so I don't use stackexchange on public wifi and trust my ISP to not steal and misuse users' secret information.
Granted, this is a risk I'm willing to take. While someone capturing my stackexchange account (temporarily until my session cookies expire), they wouldn't capture much information and most of their actions could be later undone (e.g., any edits can be reverted).
Also, don't equate SSL on VPS with full privacy. You still must inherently trust your VPS host, which can easily grab your private SSL certificate from your VM (its on a file on their disk) and then decrypt all your incoming traffic. I doubt most reputable VPS providers would do that, but they definitely could.
1Well stackexchange let's you authenticate through an OpenID provider like google/facebook/yahoo/etc, and those providers will use an https connection (at least everyone I checked) so the password is sent encrypted. They do have a "login with stackexchange" option which directs you to a http page that uses javascript, so the form submission with the password should be transmitted encrypted (using SSL). Granted, it would be trivial to launch a MitM attack on this, as the https
connection is not readily apparent to the user. And again, while the attacker cannot grab your password, they can later grab the session cookie so they will appear as an authenticated version of you.
Similarly for reddit.com, they (secretly) use SSL for the form action, but as the form is hosted on a non-ssl page it is easy for an attacker to launch a MitM attack and capture your password. Granted reddit.com does have an SSL version with a properly signed CA, but this site is not on their CDN and is only meant to be used by advertisers/people making credit card transactions at the moment.