> This is not an argument in favour of a search engine/browser penalizing HTTP servers.

Why isn't it? By navigating to a domain (or searching for it), the user is arguably making an intent statement ("I want content on $domain"). Ensuring that the user doesn't get spam, malware, etc. instead seems well within the scope of the browser.

It may be in the browser's interest when the majority of their userbase is non-tech. I'd rather my mom use such a browser than one which does not enforce it.

I mean it's a free world, let's all use browsers and search engines that don't penalize HTTP

Why not start with realizing and saying out loud that https enforcing is bad?

Turns out the browser model of executing Javascript is worse when it comes to things being injected in the http stream.

"This thing is bad"

"Then don't do the thing you disagree with? It's a free and open web"

"Why don't you start with agreeing with my position first?"

"This things is bad"

"Yeah, whatever, feel free to die fighting against it"

I think advocating against somethig, generating a discussion, moving the Overton window is a valid, almost necessary thing. (I admit sometimes they threaten the things I like (or me), but most of the time, it's OK.)

Perhaps "agreeing" was a bad choice of word, instead discussing, debating, or just letting me know your opinion about the matter.