This test loads a secure iframe that loads an insecure image. We should *not* get a mixed content callback becase the main frame is HTTP and the image doesn't contaminate the child iframe's security origin with mixed content.