When embedding a tweet that contains a video with
the Twitter Widget also renders the profile picture in the bottom left of the video. This profile picture has an HTTP URL, even when both the page and widget use HTTPS (even the video preview image is HTTPS). This causes the browser to report page as not secure due to mixed content.
The bug is even apparent on the example page at https://dev.twitter.com/web/embedded-video/parameters