TLS is not just about encryption. It's also about authentication. Without it, your cat photos site can have malicious Javascript injected into it by malicious middleboxes.
In fact, the canonical way to exploit POODLE is by injecting a Javascript code into a non-SSL-protected page, which will do repeated requests to the SSL-protected page. If the user were to only access SSL-protected pages, and never went to an attacker-controlled page (by following a link on an email, for instance), the attacker can't get the user to run attacker-controlled Javascript and thus can't exploit POODLE as easily (there might be slower attacks, but the fast way requires attacker-controlled requests).
There's also the fact that, as far as I have seen, around half the vulnerabilities in the browser I use (Firefox, see https://www.mozilla.org/security/known-vulnerabilities/firef... for the list) need Javascript to be exploited. If you access a single page unprotected by TLS, Mallory can MITM you and inject Javascript into it to exploit whichever vulnerability of the day there is. If every page you access is protected by TLS, or you use something like NoScript to whitelist Javascript for only a few TLS-protected domains, Mallory can't make your browser run his Javascript and thus loses half the potential exploits.
In fact, the canonical way to exploit POODLE is by injecting a Javascript code into a non-SSL-protected page, which will do repeated requests to the SSL-protected page. If the user were to only access SSL-protected pages, and never went to an attacker-controlled page (by following a link on an email, for instance), the attacker can't get the user to run attacker-controlled Javascript and thus can't exploit POODLE as easily (there might be slower attacks, but the fast way requires attacker-controlled requests).
There's also the fact that, as far as I have seen, around half the vulnerabilities in the browser I use (Firefox, see https://www.mozilla.org/security/known-vulnerabilities/firef... for the list) need Javascript to be exploited. If you access a single page unprotected by TLS, Mallory can MITM you and inject Javascript into it to exploit whichever vulnerability of the day there is. If every page you access is protected by TLS, or you use something like NoScript to whitelist Javascript for only a few TLS-protected domains, Mallory can't make your browser run his Javascript and thus loses half the potential exploits.