The 9.0.2021.112 (and possibly earlier) version of the Avast plug-in for Safari definitely breaks encrypted connections. Connections that would normally be https/encrypted are now just http/unencrypted connections. And to clarify, this is with the “Scan secured connections” preferences box unchecked. Looking at the Safari web inspector warning log reveals several instances of of Google passing insecure content (see warnings below). When the plug-in is turned off, there are no errors and all connection retain their https/encrypted connections. The content that it is being sent insecurely might not be a big deal, it’s the fact that it is sending insecure information at all. An encrypted connection should encrypt all the content of that connection. This is a major flaw/bug in Avast’s plug-in. By the way, I called Avast Support and was in the process of telling them about this and the support technician hung up on me.
[Warning] The page at https://www.google.com/?gws_rd=ssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. (www.google.com, line 0)
[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. (www.google.com, line 0)
[Warning] The page at https://www.google.com/?gws_rd=ssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/222e31f0/common/skin/img//icn_float_green.png. (www.google.com, line 0)
[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1015975638×tamp=1404228541358 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)
[Warning] The page at https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/%3Fgws_rd%3Dssl displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (ServiceLogin, line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/_/scs/mail-static/_/js/k=gmail.main.en.13f3zccySbs.O/m=m_i,t,it/am=_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F/rt=h/d=1/rs=AItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0, x3)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1 displayed insecure content from safari-extension://com.avast.wrc-6H4HRTU5E3/e2f8cb10/common/skin/img//icn_float_green.png. (mail, line 0)
[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmail.google.com#rpctoken=757437573&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/chat?client=sm&prop=gmail&nav=true&fid=gtn-roster-iframe-id&os=MacIntel&stime=1404228675633&xpc={"cn"%3A"ep61l2"%2C"tp"%3A1%2C"ifrid"%3A"gtn-roster-iframe-id"%2C"pu"%3A"https%3A%2F%2Ftalkgadget.google.com%2Fu%2F0%2Ftalkgadget%2F_%2F"}&ec=["ci%3Aec"%2Ctrue%2Ctrue%2Cfalse]&pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&href=https%3A%2F%2Fmail.google.com%2F_%2Fscs%2Fmail-static%2F_%2Fjs%2Fk%3Dgmail.main.en.13f3zccySbs.O%2Fm%3Dm_i%2Ct%2Cit%2Fam%3D_Iw4jJBxf6E4w136gNp_73t2SfGzvkfxI0wAQtgJwP9m_w_gfrAfyo4F%2Frt%3Dh%2Fd%3D1%2Frs%3DAItRSTPgFhhFB7vS1tUpL9rpi4jzWXhKLw%3Frel%3D1&pos=l&uiv=2&hl=en&hpc=true&hsm=true&hrc=true&pal=1&uqp=false&sl=false&hs=["h_hs"%2Cnull%2Cnull%2C[2%2C1]]&moleh=380&mmoleh=36&two=https%3A%2F%2Fmail.google.com&host=1&zx=4xvib2teez9q ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)
[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc={"cn"%3A"8qdyZvkvaa"%2C"tp"%3Anull%2C"osh"%3Anull%2C"ppu"%3A"https%3A%2F%2Fmail.google.com%2Frobots.txt"%2C"lpu"%3A"https%3A%2F%2Fplus.google.com%2Frobots.txt"} ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)
[Warning] The page at https://talkgadget.google.com/talkgadget/_/transportevents?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)
[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e["wblh0.8952892625238746-0",2,1,[true,[]]] ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://mail.google.com/mail/?tab=wm&pli=1#inbox displayed insecure content from http://themes.googleusercontent.com/static/fonts/gloriahallelujah/v5/CA1k7SlXcY5kvI81M_R28bhi4u8Y7RaAY_ljmVkqsb8.woff. ([native code], line 0)
[Warning] The page at https://talkgadget.google.com/u/0/talkgadget/_/frame2?v=1403646784&hl=en#e["wblh0.8952892625238746-1",2,1,[null,[2,3,4,5]]] ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://plus.google.com/hangouts/_/hscv?pvt=AMP3uWaykUe0dxZBlnDOHfHDMwWD9fwKyzTWCnepghoQUhjLUrVQX_RZMQl96JOO__tef3jo0FLYs1GuHtRnNut26xR0qYlveg%3D%3D&xpc={"cn"%3A"RRQ67xALt8"%2C"tp"%3Anull%2C"osh"%3Anull%2C"ppu"%3A"https%3A%2F%2Ftalkgadget.google.com%2Frobots.txt"%2C"lpu"%3A"https%3A%2F%2Fplus.google.com%2Frobots.txt"} ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] Invalid CSS property declaration at: * (rs=AItRSTNb65V50Ue4xLuVSFOQM_8tHosJAQ, line 1, x2)
[Warning] The page at https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Ftalkgadget.google.com#rpctoken=790919542&forcesecure=1 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://clients6.google.com/static/proxy.html?jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.VXUpfikRKZo.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Ft%3Dzcms%2Frs%3DAItRSTOh049Pi6fXQ7xvZQYcwfcT2RsU5Q#parent=https%3A%2F%2Ftalkgadget.google.com&rpctoken=890380087 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)
[Warning] The page at https://plus.google.com/hangouts/_/pre?hl=en&authuser=0 ran insecure content from http://fonts.googleapis.com/css?family=Gloria+Hallelujah. ([native code], line 0)