[hirsin]

This is an issue we're encountering. One solution is trust on first use of a self signed cert, which makes the scary untrusted page a one time cost. This isn't terribly easy in the browser though. With more IOT devices entering the market, this could become a more common issue.

Using https for a local network connection will also be more common, in the case you decide you don't trust the network.

[kelnos]

I think for the case of the home router admin page (or really any admin page on your local network), the browser can easily detect that it's being served a page on the local net, and could provide a less scary warning that has some text that acknowledges that you're on your local net and that either ignoring the password form security warning (for http) or accepting the self-signed cert (for https) is probably ok. Whether they'll do this is another question...

[Whitestrake]

It absolutely makes sense not to display warnings that HTTPS isn't in use in circumstances where HTTPS is not feasible - i.e. local addresses. It's simple enough for a browser to determine. I don't think conditionally accepting a self-signed cert is necessary.