The display of TLS vs non TLS makes me a little nervous. A lot of thought has gone into those little lock icons. They can instill a false sense of security -- but it is also important to make TLS issues obvious. Can anyone comment on the handling and display of site certificate info?
The nice thing about lock icons is that they can indicate EV certificates (extended validation, where the organization basically paid some more to be verified more thoroughly). Unfortunately that's not something I can do with qutebrowser because of missing QtWebEngine API to get that information.
Another feature is to make it obvious whether you're connected via plaintext HTTP or HTTPS. qutebrowser solves that by showing the whole URL in white/green respectively.
When you see a "broken lock" icon (i.e. when there was an actual TLS issue), you did already get a big error page you had to confirm, or (in case of qutebrowser) a prompt, so you already know there's no TLS going on, right? In that case, qutebrowser shows the URL in orange.
