As noted here a year ago, when the backoffice is running via SSL (via
define('FORCE_SSL_ADMIN', true);), media library images (thumbnails, featured image, etc.) loaded are loaded via http (non-ssl) causing modern browsers to declare the page as unsafe (mixed content).
Not a huge bug, but it would be better if all content on the page is loaded securely.
Thanks for a wonderful blog engine / cms,