This test loads a secure iframe that loads an insecure plugin. We should get a mixed content callback because the insecure plug-in can script the secure origin.