>
>
> A nit: The restriction of "Powerful Features" to HTTPS isn't primarily to
> encourage HTTPS adoption: it's because these features are potentially
> dangerous,
>
Yes, true. The motivation to move to https is only a small facet of the
motivation there.
However - if in light of new requirements I had to choose solution spaces
between "Powerful Features" and possibly allowing users to grant something
like Geolocation permissions to an insecure app (perhaps with extra
warnings, in-context, at that point) vs. "Mixed-Content" and possibly
undermining or complicating the basic guarantees of HTTPS for all users and
all applications on the platform, I would still choose to work in the
"Powerful Features" solution space in a heartbeat.
The possible compromises and consequences in the "Mixed-Content" space
(outside of optimistic upgrade) all have much more collateral damage.
-Brad