Webmasters should ensure that secure web pages (https) avoid offering mixed content, as standard pages (http) could comprise security.  Browsers are strengthening controls in the newer releases with beneficial warning messages.  IE9 blocks these types of pages by default and the user must then decide whether to override this.

Web Development – The need to re-engineer insecure content on secure websites

QUOTE: Recently I noted that Google is strengthening the error messages and other protections in Chrome for when web sites mix HTTP with HTTPS content. I should have gone further. Microsoft is even more aggressive with Internet Explorer 9 and Firefox has some minimal protections. Safari is barely in the SSL game at all.  The trend in browsers is clear. In the past you might have gotten away with mixed content and your users wouldn’t notice, but that won’t be the case for long.