Because there are various things in HTML and JS that require https.

(Though getting the browser to just assume http to local domains is secure like it already does for http://localhost would solve that)