We should consider getting rid of the "insecure form submission" dialog. Is the dialog useful for getting users to check for the "lock" icon before typing sensitive data, or do they ignore/disable the dialog after the first time they do a web search and then forget about the warning?
(Text of dialog: "The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. \n\n Are you sure you want to continue sending this information?") In general, I don't like security dialogs that appear often. Some users leave this dialog enabled, so they're likely to get ready to click "Continue" after clicking the submit button on a web form, and not read the dialog. A web site could put up an XPInstall or Signed Script dialog when the user expects an insecure form submission dialog, and that would be bad. Could we replace this dialog with a one-time dialog like the password manager intro dialog, or change the checkbox to be unchecked the first time the user sees the dialog?
