Most savvy users don't even know what HTTPS even does (I didn't even pay much mind till 3 years ago), and as many of my Qualys SSL Labs tests have found- most sites even if they use HTTPS may be setup so horribly that it's almost pointless. Other sites still don't even use it, like the very link above that's trying to alert users about the dangers. Shopping sites only kick into HTTPS once you click in the login page, but not while you're browsing beforehand. And the odd warning about an "insecure HTTPS connection" are too far too few- I very rarely run into them. So it's like alright, they'll listen to that one warning and then get back to browsing the other 80% of sites they visit that use no HTTPS... (One site over HTTP that gets modified in a man-in-the-middle attack, and they lose). These warnings would be pointless, however colorful or dumbed down. Unless computer security is a hobby or job, most people can't juggle it with everything else going on in their lives. They don't have the time to learn or care. And they don't have the money to hire a tech, or the time to find a competent one. Everyone uses electricity, but not everyone is a electrician. Everyone drives cars, not everyone is a mechanic. VPNs. Until the web finally adopts and maintains TLS for every domain (which is going to be years from now, if ever).
Hate those warning, they only prolong access to the webpage, I have to click 2-3 more times just get to ignore/continue. At least UAC can be turned off, if users want it to, but this can not. No wonder, people ignore it and skip it, when it really matters.
