"mark non-secure origins as non-secure." The name of that option seems to be chosen to apply a bit of pressure to anyone who sees it. Nothing wrong with that of course - it's our existing habits of trusting HTTP that are strange.