> On the other hand an HTTP site gets a red warning UI and some feature just don't work, and there is no way for the site to add those things, they're just outright prohibited with HTTP.
This is a very recent development. Until last year HTTP had no special behavior while self-signed HTTPS had a big "You WILL get hacked and all your creditcards stolen if you continue, do not continue unless you have a PhD in Computer Security" warning. Still has.
Chrome shows a grey "not secure" on HTTP and a similar warning on self-signed.
In terms of how secure HTTP vs self-signed is, the behavior should be reversed.
This is a very recent development. Until last year HTTP had no special behavior while self-signed HTTPS had a big "You WILL get hacked and all your creditcards stolen if you continue, do not continue unless you have a PhD in Computer Security" warning. Still has.
Chrome shows a grey "not secure" on HTTP and a similar warning on self-signed.
In terms of how secure HTTP vs self-signed is, the behavior should be reversed.