Somewhat ironically I think it's never been safer to rely on HTTPS. Browsers don't let any old thing pass any more.
Favicons only appear in browser tabs now. If I saw a padlock in my browser tab or HTTP for a HTTPS site like gmail, I would close the tab.
If you want to check the certificate authority you just click on the HTTPS and you get the certificate authority. If it's Turktrust or something strange then something's obviously wrong.
Having a fake MITM on a company laptop is mitigated with Firefox which doesn't use the OS's certificate store.