Any site viewed over plain HTTP is susceptible to content injection by ISPs, public wifi providers, employers, etc, basically anyone between you and the server. At best it's annoying, at worst it's a security hazard.
And as someone else mentioned, the session cookie is still transmitted in plaintext, which effectively compromises your Feedly account.
Not to be too glib about it, but for God's sake, who cares? It's my Feedly account. It holds my read/unread status for my daily newsfeeds. What's the big hacker target here? Spoofing that I've already read Hacker News today? Subscribing me to feeds I don't want? I encourage Feedly not to waste time securing that on my behalf.
And as someone else mentioned, the session cookie is still transmitted in plaintext, which effectively compromises your Feedly account.