Web-sites shouldn't utilize the unsafe-url plan, as this could trigger HTTPS URLs to get uncovered over the wire over an HTTP connection, which defeats on the list of essential privacy and stability assures of HTTPS. SSL/TLS is especially suited to HTTP, because it can provide some security even when just http://XXX
