It's potentially CORS or non SSL triggering the warning. I wouldn't say completely nothing to worry about since it would be possible for someone to man in the middle some traffic. Unlikely though. CORS only matters for browser http stuff, LS uses websockets. The security seems pretty poxy to me, but I haven't found anything to truely be alarmed about. Mostly just bad practice