@Catelli
Yes, OTOH, using http outside localhost is an issue.

It's almost never possible to judge the data that is passed to be harmless in finality without the threat context. And on the internet you literally have to many user to consider guessing.

And it's less Google and let's encrypt here. It seems that Microsoft has problems with is internal processes to keep certificates fresh and thus is miseducating users.
@briankrebs