> As to the white non-secure flag, I'd tint it slightly yellow so it raises an eyebrow at people interested in their own privacy; white is too ignorable, and much harder to see at a glance. On the whole, it's an interesting idea, as it'd effectively turn the whole http/https battle into a slight-but-real push to move to https entirely.

Exactly what I'm thinking. Just raise it as info, then change it to a warning progressively over time, with some advance warning to web developers.