WordPress will be moving towards requiring SSL in 2017.
SSL basically means the link between your browser and the server is encrypted. SSL used to be difficult to implement, and often expensive or slow. Modern browsers, and the incredible success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something we think every host should support by default, especially in a post-Snowden era. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome.
First, early in 2017, WordPress will only promote hosting partners that provide a SSL certificate by default in their accounts. Later they will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.
Separately, I also think the performance improvements in PHP7 are particularly impressive, and much respect to everyone who worked on that project. WordPress will consider whether hosts use PHP7 by default for new accounts next year as well.