Console says Sign Up password field is insecure

Why is this considered insecure? I have removed the insecure package, but the console says:
How else should i do this?
“Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.”

It has nothing to do with the insecure package. It’s just warning you that you are not using SSL (https)

Do you know why, when using accounts-ui, there’s no such console message?