Comment 239 for bug 232340

(In reply to comment #188)
> Uh, if Security = Encryption * Authentication, then is it a valid bug to note
> that firefox fails to display a nasty banner every time a user browses a site
> that doesn't use SSL?

Did you already try the upcoming beta for FF3.5? More positive indicators are produced by the UI now.

> Don't get me wrong - I'm fine with informing the user about the security of a
> website, but it seems wrong to me that a site that uses no encryption or
> authentication at all is treated as perfectly safe when a site that uses strong
> encryption but a questionable form of authentication is treated as being
> extremely dangerous.

There is a setting in Firefox to warn always before submitting any data over plain text. It's extremely useful to prevent sending information unsecured.