Using flag Mark non-secure origins as non-secure, you can already enable similar notification for non-HTTPS pages.
In this day and age who still uses HTTP for login pages? Most sites offer https (like here at Wilders) and who wouldn't use that option? Makes you wonder.