"In desktop Firefox 70, we intend to show an icon in the 'identity block' (the left hand side of the URL bar which is used to display security / privacy information) that marks all sites served over HTTP (as well as FTP and certificate errors) as insecure," said Firefox Developer Johann Hofmann.
Those flags are still present in the current stable version of Firefox, and users can enable them right now and preview how these indicators will look starting this fall.
The flags are:
security.insecure_connection_icon.enabled - show a broken lock on HTTP sites security.insecure_connection_text.enabled - show the "not secure" text on HTTP sites security.insecure_connection_icon.pbmode.enabled - show a broken lock on HTTP sites in Private Browsing security.insecure_connection_text.pbmode.enabled - show the "not secure" text on HTTP sites in Private Browsing
The end result is very similar to how Chrome currently marks all HTTP pages (see image below).