It's not about the money. As patrick said you can get free certs from StartSSL, and companies like namecheap offer 1-year free certs if you buy a domain. It's about 1) lack of knowledge, 2) lack of support by shared hosting companies and 3) laziness.

That was my point; the server could automatically generate a self-signed cert even if the administrator is lazy or ignorant.

SSL rules remain the same, and SPDY runs over SSL.

My opinion - get a real signed cert. A basic free one from startssl.com is available.

The PKI has problems to be sure and needs to evolve. But simple forms of eavesdropping and MITM attacks need to stop. Its great that SPDY is SSL based.