The fact that Safari let the LGF Pages bookmarklet run even when it was crossing HTTP/HTTPS protocols was nagging at me, so I investigated some more, and discovered that Safari writes an error message about content being accessed insecurely to the console — but still allows the content to be accessed. Both Chrome and Firefox block cross-protocol access, and also write an error message to the console.