On the other hand, so long as we fail hard in the case of invalid SSL (and implement verification correctly!), because this is a specialized app that uses a hardcoded URL, one could argue there is no need to show anything extra. If a lock would provide more user assurance, then perhaps make it a green lock. As such, feel free to take comment #3 under advisement if implementing this, but I'll soften my stance and say it is not a requirement.
On the other hand, so long as we fail hard in the case of invalid SSL (and implement verification correctly!), because this is a specialized app that uses a hardcoded URL, one could argue there is no need to show anything extra. If a lock would provide more user assurance, then perhaps make it a green lock. As such, feel free to take comment #3 under advisement if implementing this, but I'll soften my stance and say it is not a requirement.