Chase.com's site was one that was previously not using HTTPS for their login page - we in fact used them as an example in a video made in July to illustrate the issue at SOUP'08.
We are glad to note that now they are using HTTPS for at least their login page. Customers who visit http://www.chase.com are now redirected to https://www.chase.com/Chase.html.
(Thanks to an alert reporter for notifying me to this.)
I am a professor of Computer Science and Engineering at the University of Michigan. I am also helping two companies with the design of security solutions: Compubahn and Webtap Security