Maybe you don't listen on port 80 but I can imagine a standard web server using Let's Encrypt, for example, that could suffer from a user leaking credentials by inadvertently using HTTP rather than HTTPS.

I have to look into some protections to this. I recently did a project and used Basic Auth for expediency thinking that later I would replace with a "proper" auth form. My theory was that this was better because sending cookies is based on the protocol also not just the domain.

Safari on iOS does not play nice with Basic Auth. No credential saving, re-promting you for credentials on each page you navigate to.

non-iOS browsers seem to handle HTTP basic auth gracefully.

There was a time that I can remember practically every site that needed a login using basic auth, before people switched to textboxes.