An HTTP referenced image in the context of HTTPS does not trigger mixed mode warnings. The image you see here was loaded via HTTPS but when you click on it, will be loaded in a JQuery gallery view over HTTP, thus causing a mixed mode situation which can be easily missed by the user as only the lock goes away but no mixed-mode prompt is shown, even when prompting is explicitly enabled in IE. An HTTP auth dialog should not pop-up when clicking on the image: