Yes SSL is important for security. Professional sites should at the very least require SSL for login, registration, user profile , and any other pages that contain sensitive data. Its an absolute must have for e-commerce sites.
However, those running blogs or other sites where the data is not so sensitive have to weigh the cost of the SSL certificate against the possible consequences of a breach and may find that they can live with the risk. For example, if you don't have SSL, it is possible that someone with access to an upstream router can sniff packets while you are logging in and steal your password. Obviously, if the site contains sensitive data this is very very bad, but if the site is just a blog, the only real possibility for damage is that the person who steals your password can deface your site. The odds of this actually happening to your blog seem kind of slim to me and the consequences are not catastrophic or expensive, just very annoying. Its a big internet out there with lots of sites and it seems unlikely that someone (who has access to an upstream router) is waiting around for you to login to your blog while sniffing packets until you do. I would say that whether or not you do use SSL, you should be careful and not ever use the same password for your blog as for your online banking.
I recently upgraded the SSL certificate on this site from a self signed one to a certificate from RapidSSL.Com
, the prices were very reasonable, much more economical than I expected. If you use the free 30 day trial certificate, you get an even better price because of their upgrade special. (Thanks to Aaron King for pointing me to RapidSSL recently when I was inquiring about a signed certificate)
In mojoPortal, there is a web.config setting SSLIsAvailable, if set to true, mojoPortal will always use SSL for login, registration, password recovery, user profile, etc. In addition, when this is set to true a setting will show up in the Pages Settings fro each page to allow requiring SSL on a page by page basis. There is also a setting in Site Settings to require SSL for all pages in the site without having to specify it on each page.