As requested, a separate issue. In #6441, the following screenshot was posted of the UX for a failed update attempt over HTTPS:
... however, all the buttons are red and barely distinguishable - this is likely to lead to the user making a wrong (unsafe) choice. A UX change is critically needed here.
Suggested solution: 1. Update Automatically using HTTPS and Continue to Piwik should be either green, or a neutral color (such as light grey). 2. Update Automatically using non-secure HTTP should remain red, as it is now. 3. Update Automatically using non-secure HTTP should be moved to the end of the button list, as the last option.
The above makes the unsafe options unattractive to users, and will make them think twice before using them. More on this can be found in this presentation from the Google Chrome security team.