There's no reason why browsers have to display "https://" or even "http://".
Except, that's a significant part of the address. "http://somesite.org" and "https://somesite.org" could, potentially, point to different content (certainly different vhosts).
Web servers already display different content to users based on their geographical location or their login cookies or any number of state variables, and these content changes are not reflected in the URL. Your point means nothing.
Sites using https generally do so because they want to exchange sensitive data, and the use of a self-signed certificate might indicate that a MiM attack is in progress, or (possibly more likely) that the site is being run by a cowboy outfit who can't be arsed to get proper certificates. So, a self-signed https connection is always slightly fishy (there are plenty of innocent explanations, but identifying those requires human judgement + technical understanding).
This is a tautology. Since today's browsers are so alarmist about self-signed certificates, the use of self-signed certificates is automatically fishy. If you remove the alarmism then the amount of legitimate usage of self-signed certificates would increase dramatically.
self-signed https = someone could be mounting a man-in-the-middle attack or you may have been spoofed/phished to the wrong website.
The same holds for regular http. Someone could be mounting a man-in-the-middle attack with regular http.
Meanwhile, there is one big difference between http and self-signed https that you omitted. With regular http (and only regular http), large-scale attacks like police surveillance and content filtering become possible. https (even self-signed) prevents large-scale passive attacks.
I'd suggest (3) is by far the best place at which to start nagging - most users will rarely encounter this situation (only sites with very small user bases, like home servers or in-development sites have a real excuse for not getting a cert) so you're not going to swamp typical users with bogus warnings. For the typical user, this does mean that something out-of-the-ordinary is happening.
Again, the fact that self-signed certificates are out-of-the-ordinary is a tautology that you helped to set up by insisting that they be treated as out-of-the-ordinary.
And remember at the end of the day, all browsers like firefox actually do is warn you, encourage you to view the certificate and decide whether you want to trust it temporarily or permanently
NO! That's not what firefox does. If firefox did in fact do what you claimed it did, then I would be happy.
In practice, firefox effectively blocks self-signed certificates entirely. It takes five (count them, five) mouse clicks to connect to a self-signed https site in firefox, compared with one mouse click in IE. A regular user is scared away after even one mouse click, much less five. Thus in practice firefox ends up blocking self-signed certificates entirely.
Regular http has no warnings whatsoever, even though every attack against self-signed https is also possible against http, and some attacks against http are not possible against self-signed https. This situation is absurd beyond belief.