I'm aware of the proxy being allowed to fall back to insecure connections, but this doesn't automatically make it an desired behaviour for all kinds of networks. This rather qualifies as vulnerability, because the risk is not obvious for the administrator, who usually configures...