The Google Chromium (and therefore Chrome) developers have decided to break the web in the name of security. Starting with Chrome 21 (released last month), on HTTPS pages that reference non-HTTPS content (scripts, stylesheets, etc.), the cleartext/HTTP request will be blocked, and a shield icon displayed in the corner of the address bar.

I've seen this break several sites.  Users have the choice to override the block, but most won't notice the little shield in the address bar, which allows them to override the blocking and reload the page with all content intact.  All they'll see is a site that looks plain (no CSS) or is missing content or that doesn't respond when they try to interact (no JavaScript.)

They say quietly blocking requests is "less intrusive" than throwing up an infobar warning at the top of the browser frame (apparently breaking pages is not intrusive at all.)  It's ironic that they praise the infobar approach for "high visibility", something the new approach lacks.  The infobar ultimately had to go because it violated a principle, "Don’t get in the way" -- as if totally breaking perfectly valid pages is not getting in the way.

I understand why mixed-content pages are dangerous, but I'm frustrated by the condescending "Google knows best" attitude to pushing this out.  Also, they act like everything should be fine because they've extensively tested with Google, Facebook, and Twitter, as if those are the only sites on the Internet.  But hey, they said "We’re sorry for any temporary disruption."