Comment Re:Wait a minute... (Score 1) 324
That's an argument for having the browser try HTTPS first, optionally falling back to HTTP if HTTPS isn't available. That's fine by me. It's not an argument for disabling capabilities of HTML/Javascript/etc. just because the transport isn't encrypted. It's also not an argument based on security but on privacy, and there's plenty of privacy problems that exist regardless of whether the connection's encrypted or not (eg. web bugs placed in advertising coming from servers in the site's domain (but not operated by the site and not on the site's network) that then use plain query-string parameters to relay data to off-site servers bypassing browser origin checks).