Moving forward, Chrome will disable autofill on mixed forms, so that the page isn’t automatically populated with potentially sensitive or private information about you. If a mixed form has login or password prompts, you’ll still be able to use Chrome’s password manager. That helps people enter unique passwords and it’s “safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords,” Panditrao wrote.

If you start entering details on a mixed form, a warning will pop up to tell you it’s not secure. When you try to submit such a form, a full-page alert will explain the potential risks of doing so, and ask if you’d like to continue anyway.

This appears to be part of a plan Google announced last October to block HTTP subresources on HTTPS pages by default in Chrome. That’s been a gradual process. Tackling mixed forms is a positive move, and hopefully it’ll prompt more developers to migrate forms on their sites to HTTPS.