As part of the ongoing insecure HTTP deprecation, Firefox 51 has enabled the basic warning for insecure password input by default to show a broken padlock icon on the Address Bar whenever an
<input type="password"> is found on a non-HTTPS page. Firefox 52 advances this security measure by disabling autofill on such insecure login forms and rather showing a more prominent contextual warning message just below the
Webmasters are strongly encouraged to move any form to an HTTPS page to let customers sign in safely and securely. In case you don’t know, Let’s Encrypt gives you a trusted SSL/TLS certificate for free.