O.P. RE: Mistruth in FAQ
Technically you have a point - trillions of HTTP requests are made every day and very few are ever exploited. However, there are some key differences:
1) In most cases, an attacker would not bother to filter through the vast amount of junk that a victim browses.
2) Even if an attacker discovered that their victim downloaded files regularly from a single site, the task of creating a believable replica of the site in order to fool them is often infeasible with the time frame involved.
3) In most cases the exploiter must be on your network in order to DNS/ARP spoof. If you're home alone you're relatively safe. If you're on your laptop connected to your work's network, you're not.
4) MSN is a system that is user-to-user based - is it really that hard to envision a situation where one user doesn't like another and so decides to attack them?
5) The user wouldn't think twice about updating Plus! when the "New Version Available" dialog box appears. Attackers look to control a system where the user would be infected quickly and easily, without having to convince them in an elaborate way that the data that they are receiving is not malware.
But most people do not understand a few basic principles of network security:
If you send packets over a network that are unencrypted you must consider the data in those packets to be in the public domain - anyone on your network can read them.
If the client does not authenticate the server, anyone on your network can perform a man-in-the-middle attack in order to manipulate traffic.
In a security-sensitive environment, if you do not both encrypt traffic and authenticate the server you must consider your client to be compromised.
This post was edited on 09-24-2008 at 12:08 AM by Burningmace.
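
The two conditions the post names (encrypt the traffic, authenticate the server), as an added example that is not part of the original post or of any Messenger Plus! code: a Python check that refuses to fetch an update unless the channel meets both. The function names and the update URL are hypothetical, constructed for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


def update_channel_problems(url, ctx):
    """List the ways this update fetch could be read or altered on the local network."""
    if urlsplit(url).scheme.lower() != "https":
        # Plaintext HTTP: no encryption and no server authentication at all.
        return ["plaintext transport: anyone on the network can read or rewrite the response"]
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified: any certificate is accepted")
    if not ctx.check_hostname:
        # A chain that verifies proves some site's identity, not the update server's.
        problems.append("hostname is not checked: a valid certificate for another name is accepted")
    return problems


def fetch_update(url, ctx, timeout=10):
    """Download the update only over an encrypted, server-authenticated channel."""
    problems = update_channel_problems(url, ctx)
    if problems:
        raise ValueError("refusing update fetch: " + "; ".join(problems))
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


def strict_context():
    # Library default: CERT_REQUIRED plus hostname checking.
    return ssl.create_default_context()


def no_verify_context():
    # Weak setting often used to silence certificate errors.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    # Chain is verified, but the name in the certificate is never compared.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


if __name__ == "__main__":
    url = "https://update.example.invalid/latest"  # constructed URL, not a real endpoint
    for make in (strict_context, no_verify_context, chain_only_context):
        print(make.__name__, update_channel_problems(url, make()))
```
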