many people misunderstand what SSL or secure hosting (https://) actually is…
What it does is encrypt the page before it leaves the server and is then decrypted in the users browser. This basically prevents anyone from intercepting the packets as they travel the internet.
What is does NOT do is control who has access to the data. Your CMS, forum, wiki or other web application that is being used on the server controls who has access to the data itself.
So the question to ask yourself is… If the data was intercepted as it traveled the internet between server and users browser would that data need to be protected? Does it contain secrets, such as proprietary info, trade secrets, or personal information such as credit card or social security numbers of users? If yes, then you should opt for SSL (or HTTPS).
As for performance issues, that all depends on the sites traffic. If you have a customer occasionally accessing some of the data well that is pretty low traffic regardless of the file sizes. If on the other hand, you get a million hits a day from around the world that’s another thing.
Costs are higher for secure hosting, your site must have a unique IP address and you need to buy a certificate and renew it periodically.