Howdy,
I've seen this behavior, on all version and also last stable 1.3.7.
I have HTTPS in the vhost that the webmail is running, everything's fine, but, if I click an email that has images that are loaded from an HTTP:// url (without HTTPS) the browser starts telling me that the HTTPS validation failed with the yellow sign in the padlock.
Question, should an email with non-https url's influence the browser HTTPS validation?
To get the normal behavior I have to F5 the window.
Here's a raw message from an email that has that behavior: