How Google could have made the Web secure and failed -- again

Google confirmed this week it has made a change to better protect the privacy of how people search. However, it left loopholes in that protection and once again failed to seize an opportunity to encourage all sites to go secure.
You probably didn't notice, but this week, your searching activity on Google got a little safer from prying eyes. When you go to Google, it likely will transfer you automatically to its "encrypted" service, one designed to prevent potential "eavesdropping" on your searches. What's not to like with that? Chiefly, a loophole Google has left in for its advertisers and a lost opportunity to get all sites to go secure.
Blocking "eavesdropping" of search activity
Encrypted search -- officially, Google SSL Search -- protects you from "eavesdroppers" in the same way you're protected through an encrypted connection when you do online banking. Only you and the site you're talking with can "hear" your conversation. So with encrypted search, what you're searching for can't be heard by third parties. Assuming, of course, no one like the National Security Agency or hackers have cracked the "keys" to that encryption.
Google made a big push to increase the use of encrypted searches two years ago. Anyone who had logged into Google, such as to check Gmail, would be sent to the Google SSL Search, if they wanted to search for something.
This week, Google confirmed it is forwarding users to Google SSL Search even if they aren't signed in. From the statement Google gave to me when I wrote about this on my Search Engine Land site: