I agree completely. If you warn about self-signed certificates (or worse, reject them) you should do the same thing for http. In my opinion browsers should never warn users about certificates. They should block access if an attempt at identity fraud is determined, grant access in all other cases, and show the green ui if identity can be confirmed (ca-signed certificate). Presenting the user with any kind of choice is counterproductive because 99+% of users don't understand the choice.