Thanks for raising awareness.
I am not experiencing any of the issues you are facing and have been using
Trisquel 6 since it was a release candidate (I was using 5.5 before that).
I use NoScript aggressively and have HTTPS Everywhere enabled. I always avoid
enabling javascript if I can. For instance, I use ViewTube for Youtube and
the html version of Gmail (until I get around to setting up my mail server).
I found this and may be the cause of your problem;
http://www.blog.asafewebsite.com/2011/02/https-stripping-attack-using-sslstrip.html