Chrome shows connections without https as insecure. Since our app will be running on localhost without a valid SSL cert, it and connections to Blockstack IDs (which resolve to 127.0.0.1) will also be marked as insecure.

Also, those who point Blockstack names at web sites will be unable to get SSL certificates issued by trusted issues since we use “unofficial” tlds.

Have we talked about how to handle this?