nice -- cuts alarmist warnings down to appropriate level Rated 5 out of 5 stars
Which is worse, an http (non-secure) page or an https page that's secured only by a self-signed or unrecognized-CA-signed certificate? Neither of them proves or disproves the identity of the site, so that's not a difference.
The http site is definitely making no effort to secure the information transfer in either direction. So if anything, the self-signed https is better than plain http. Once you've decided to submit some private information to the site, would you rather use their http form or their self-signed https form? Clearly the https.. So why do we get multiple levels of dire warnings on visiting the self-signed https site and no warnings at all for the http site? (Aside from the browser warning when you first *submit *a form over plain http, which we all dismiss with "don't show this again").
The only legitimate reason to treat the self-signed https site so cautiously is so we aren't misled into thinking that the site's *identity* is validated just because it says "https". But this can be shown by a visual indication such as the add-ons "Safe" or "Calomel SSL Validation" (as well as the little notification bar put up by Skip Cert Error when first setting the exception).