Well to be fair there is A LOT of main stream web sites even banking sites have that same issue they use cross site scripting, meaning they pull from none https: sites to add  adds/etc to their secure web site.

Icon