Expect insecure login and payment pages to show up in places you really did not want them in the first place...
2 plus ones
Shared publicly•View activity
- If I don't agree with marking all HTTP pages as insecure, that is in large part because it would obscure the actually dangerous insecure sort of page that this exemplifies.23w
- https also does nothing against sql injection, cross site scripting and other wonders of the web. So this is one tiny step.23w
- they mention that as a fairly explicit goal: each step should not hit too large a percentage of sites, so it hits hard enough to make devs change their behavior. Salami-slippery-slope-tactics used for good instead of evil, which: kudos.23w