I may be going a bit off topic with this, but I don't get those warnings any longer and I'm seeing they've been disabled relatively recently in Firefox. So don't know why you're seeing that one. Even though all my settings in about:config for security.warn are at True, I'm apparently not getting any of those. I may have to check further about that, though.
https://bugzilla.mozilla.org/show_bug.cgi?id=799009
This patch removes the following prompts:
1. Warning, you are about to enter a secure site
2. Warning, you are about to leave a secure site
3. Warning, you are about to submit a form to an insecure site, when you are already on an insecure site.
4. Warning, you are viewing a site with mixed content.
And further on
We already show the mixed content indicator in the address bar: globe vs. lock icon.
Also,
Support for those warning prefs has been removed.
bug 799009 - Remove support for obsolete SSL-related warning prompts
(please do not comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)
Warning, you are about to enter a secure site
Warning, you are about to leave a secure site
Warning, you are about to submit a form to an insecure site, when you are already on an insecure site.
Warning, you are viewing a site with mixed content.
http://support.mozilla.org/en-US/questions/953321
So unless I'm reading the Buzilla Bug report wrong, I don't understand why you're getting that warning. It seems they are suggesting relying on the lock icon, not the popup, to be certain you're on a fully encyrpted connection.
The Verizon webmail link I gave above is https, but comes with this message.
Then, upon submitting the user and password, it switches to this. So I'm assuming that data is fully encrypted, not sent in the clear.
That only lasts a second or two, and when login is complete it immediately switches back to the first partially encrypted globe icon.
I think you should look for the actual globe vs. lock icons at the different stages of logging in, as I have. It may be the popup you're getting for mixed security content refers to the post login session, not the actually transmission of the password.
In any case, I'm not getting that popup.