[jakub_g]

Browser should display a scary warning popup when submitting form to http (either always, or maybe at least when there is input type=password in a form). This would be annoying enough to get management buy-in to implement https, if someone still maintains the app - better than a tiny icon.

Breaking stuff is a last resort, nuclear option. There are many forgotten, old web apps that would totally stop working and people would switch to another, less secure browser as a result.

[nandhp]

They used to -- see http://www.kentlaw.edu/faculty/rwarner/classes/legalaspects/... (§2.4, about half-way down) and http://labs.ft.com/2014/05/do-we-really-need-to-hide-the-url...

But it was removed in later versions of Netscape and Internet Explorer, because everyone turned it off as soon as they made their first search engine query.

[jakub_g]

I remember that, though honestly internet was a bit different 15 years ago - it was in (almost)-pre-HTTPS, pre-public-WiFi, pre-Snowden times. It's time to progress now that the realities and technical capabilities changed.

Today there should not be "do not display this anymore" checkbox.

[martingordon]

FWIW, 1Password will do this: https://15254b2dcaab7f5478ab-24461f391e20b7336331d5789078af5... (not my image)

1Password will also refuse to autofill passwords when it can't verify the application's signature (for example, if Chrome hasn't been updated in a while).

[kqr]

That is not particularly scary though. That's the kind of thing a user will automatically press "next" on. This is the kind of warning that looks scary: http://i.stack.imgur.com/2kaXO.png