Starting in July of 2018, you’ll start seeing that any website that is not “https” secure by default will be labeled as insecure. See the image below from Googles’ blog post:

Many websites have already enabled https, and all websites with logins like WordPress, Drupal, Craft CMS and many others need to be secured as well.
If you happen to visit a website that isn’t secure, please do the Internet at large a favor and let the site owner know (usually through a Contact form, Support ticket or something like that). If you’re unable to find a method, please Work With Me and I’ll take care of it for you.
A safe, secure web is important to everyone and we all must do our part (see my other blog post from 2017 regarding this).