One of the reasons why I prefer insecurity indicators over security indicators is that the user doesn't have to know which parts of the UI are trusted to distinguish secure from insecure sites.
(Another important reason is that an encrypted site is not necessarily secure, so the security indicator can be taken as more of an endorsement of the site than intended)
(Another important reason is that an encrypted site is not necessarily secure, so the security indicator can be taken as more of an endorsement of the site than intended)