So it seems that wordpress.org now serves traffic over SSL, and will soon be switching to SSL only. In the comments on the above article, Andrew Nacin said:

Yeah, all of WordPress.org will be 100% forced SSL soon.

For WordPress, I suspect that this was largely a pragmatic decision to take advantage of SPDY, but I’ll take it! Whatever gets more of the web encrypted.