This has definitely come up in the past and I've probably engaged in discussions on it too.. what can I say, I like to be contrary on occasion and have a bit of a discussion
Yeah there isn't anything you've said that I disagree with, you are on point, and I very much agree with your above assessment.
My professional life is centered around more of the infrastructure/end point/network security aspects and very little around anything appsec focused, so some of that may color my thought process.
Now for my opinion, to take advantage of the lack of SSL, an attacker would have to compromise some device that is capable of network sniffing and be positioned appropriately on my network to pick up on such traffic. Which really is what depresses that likelihood assessment for me personally. I'd also suspect that many IoT devices don't even have the necessarily functionality built-in to their underlying OS to even facilitate packet capture.
When I think of SSL in the grand scheme, outside of just the world of Hubitat, I'm not sure I can think of any attacks that I've responded to, investigated, researched, read about, etc where a lack of SSL had any sort of impact (that's not to say it hasn't, I'm sure it has, I've just never encountered it). It's just not generally the path that the majority of attackers go down in my personal experience. If you're a target of sophisticated attackers, there's also much better places to spy on you to capture useful information then capturing your Hubitat's HTTP traffic. Don't think the NSA (or any government entity) is really going to care about our home automation stack.
Now all that being said, definitely should implement it on the hub. It's low cost, adds some level of protection, and is the right path to take for modern security conscious products (and especially considering things like Hubitat dashboard).
But in the context of this thread, what it comes down to is I personally don't feel the need to go out of my way to utilize a beta feature. It has some bugs and hasn't been worked on heavily recently (as far as I know). Given it's status as unreleased/unannounced beta feature at the moment, so I would anticipate some bugs until it once again becomes a priority. One day when it's released, I'll use it because why not!
But that's just one random guy on the internet opinion and isn't meant to detract from those who want to make use it.