Jeremy Keith raises a point that I've been ponding on for a long time. The web has always been backward compatible, but using https is not (specifically through versions of TLS).

He had direct feedback from one of his community members who couldn't access the site. Apple is the problem again.

On desktop, that is. If you’re using an older iPhone or iPad and you can’t upgrade to a recent version of iOS, you’re screwed.

I've seen this when I've tested some sites with IE6 on older Windows machines - sure just a test, but real people will encounter this brick wall too.

Do we make our sites secure and lock individuals out, or do we run with insecure (non-encrypted http requests), but support everyone?

I think the answer is simple, but as always, context is what will drive the decision.