Normally, I'd completely agree that if it's a feature people want, then they can pay for it. But SSL isn't just about protecting the person's data, it's about preventing people from snooping their login credentials over unencrypted traffic (e.g. at a coffee shop). If they use the same login as their email or other accounts, then by excluding SSL from any tier, you're putting those users at risk, not just within your own app, but for their other accounts as well.
In an ideal world, if your app has the ability to login, it should have SSL. And I'm not trying to be a judgmental idealist either, just answering the "why" question after thinking it through. I'm certainly guilty of having a couple old apps out there I've not yet updated to use SSL. I think I may have to go do that now.
You're completely right and in fact all URLs where your login credentials are transfered (login, signup, change password) are guaranteed to be SSL regardless of which plan you're on.
If SSL is too expensive for the Basic plan, consider dropping it altogether, or increasing it to EUR 9.95. You can also slash the free plan in half (1 project, 5 MB, 50 tasks) to encourage people to move on to paid; one project is more than enough to decide if the tool is for you.
I can't help thinking the github model might work here: publicly viewable mindmaps are free and you pay to restrict access to specific signed in users. Privacy is a better selling point than security, and some publicly shared mindmaps will generate backlinks.
In an ideal world, if your app has the ability to login, it should have SSL. And I'm not trying to be a judgmental idealist either, just answering the "why" question after thinking it through. I'm certainly guilty of having a couple old apps out there I've not yet updated to use SSL. I think I may have to go do that now.