Actually the target position is that https _won't_ be marked as "secure", but rather than http will be marked as "not secure". Can't really argue with that.
Oh I'm not arguing with that part, that's a good development. But that's "assume the web is just the web", not "assume the web is secure by default". The latter is a dangerous idea.
peterwwillis|7 years ago