Another security feature added is the blocking of downloading files from URLs that are on lists of potentially dangerous content.
Yeah, I’m not sure blocking HTTP downloads by default is a good idea, I mean many offices probably have some internal legacy HTTP only sites that nobody dares to touch, that are perfectly safe being HTTP (if you have hackers inside your network a simple intranet site spoofing is your least problem), and disabling this security option might have a lot of wider repercussions
It’s not just about that, people will be disabling the feature that is potentially beneficial to their security, disabling http downloads from http sites is just an extension of blocking http downloads from https sites