Wordpress has released a third-party security report by Securi on website infections, which has the disturbing conclusion that Wordpress was the most commonly hacked platform. The company studied 8900 such attacks. Most attacks seem to be related to plugin vulnerabilities and inadequate security maintenance by webmasters (many who self-host) or hosting companies. The symptoms and vulnerabilities seem to vary widely.
Most of the attacks seem to be somewhat automated, probably motivated more my money than politics.
I am looking more into the question of expanding https and expanding services like SiteLock (which I already have). The best practices for sites hosted by large companies still seem obscure, and I’ll look into this further. The “https everywhere” issue is evolving quickly. EFF offers a browser plug-in to simulate it now. I’m still waiting to see more material by blogging gurus (like “Blogtyrant”) on security topics.