In fact, no, Google is not evil with this, not at all.
The first important thing about this is that the use of secure connection is not a user preference or some personalized setting. Some people might find this confusing because they are familiar with a system only from the position of an end-user. Being a software developer myself, I can tell you that security is done on application level and affects all users of the system. There is no way to technically enforce authentication security based on user choice without compromising the security of the entire system and all the other users, most of whom might rely on the system's protection of their data. Yet, if it is possible, I'd surely like to know how.
The logical choice for Google, as a public service provider, is to establish a secure environment for all of its users. It is not for the sake of security for the users only, but for the company too. Imagine, if someone becomes a victim of a security breach, and fires a lawsuit against Google, and proves that it is them who are responsible? This could be the case if they did not take the standard measures to protect the user data, and could have to face an entire community of angry users in court. Not using HTTPS is an example for such a thing - anyone can intercept your web request and see the information as a plain text. Google's user data is sensible. It seems like a simple email address and a password, but these two items form a key to all your contacts, correspondence and personalized Google services.
Moreover, Google is an OpenID provider, which means the same user password (the one of the Google account) can be used to authenticate to external systems (like the sites in the StackExchange network, including this one, YouTube, Disqus, Picasa and many other popular systems). It is hard for me to imagine that one would prefer to have his "key" to so many accounts and services being unsecured.
In general, this is a measure of technical requirements, rather than enforcement over user preferences. I, personally, would never trust a system that does not enforce the minimal security conditions like secure connection and authentication, when it comes to email, online payments and other services working with my private data.