I thought Chrome already did this, at least sometimes?
...or maybe I'm thinking of a different browser.
I'm almost sure that I've seen at least *one* browser automatically block http requests on https origins.
Good change, yay, well done and let's have all UAs do this. :)