On the web, your data travels trough a lot of random hardware, owned by a lot of people/organisations. Each one of those could be listening to the data steam, change it, fake it or let it pass as they should. When they intercept and change the DNS request, they got full control over what server you will visit next.
Thus, a http site is never secure, and even trough 99.99% of the time, you are connecting to the right server, you can never be sure (especially at public access points) that you are not eavesdropped or getting scammed.
More people should be aware of this fact, and firefox is making good steps into showing this to end users. Remember that if you write anything with more then 10 words in a tooltip, almost nobody will read it. Second, for most websites, who cares if the connection is secure? Nobody is interested in intercepting this very post. So for most websites, this situation is perfectly fine, including your gaming site, right?
Now that internet is getting more and more used, and also used for more privacy sensitive, its required to add security. For example, when i'm talking to my bank, i don't want anybody to see my money, or worse, insert a message that i'm going to transfer all my money to some foreign bank account. Thus, encryption is used to prevent this. But arguable, what use does encryption have if my DNS request changed and i'm not talking to my bank, but to some random phishing server? And yes, that happens.
Thus, there is another level of security where you also verify the identity of who you talk to.
Problem is, how do you verify somebody's identity? There are a lot of models to think up on how to do that, currently used is that when i trust VeriSign and VeriSign trust sierranevada, then i trust sierranevada too.
Looking from this point of view, thus the end-user, it makes sense to warn when the identity of a secure website is not verified. Truth is that you could be connected to the wrong website. The big question is how important it is that the identity is not verified, if the answer to that question is 'not so important', then you can ignore this.
You could of course claim that you should be allowed to fill in a name at your self singed cert, but criminals can write your name at there certs too, so that provide no security, and would only confuse the end user into thinking they are talking to the right website.
From a webmaster point of view, it would make sense that you can change a field that say 'this website does not provide this information' by providing that information. But the whole point of verifying your identity is that it can only be done by a trusted source. (A trusted source you have to pay a lot of money for it, probably send your surname, first name, middle name, last name, fingerprints, and more). Next the end user has to trust a party that get paid by providing a lot of identity papers, and not for rejecting them. Not perfect, but the best that can currently be done, and also a reason why a security level between nothing and encrypted+verified exist.
ps. I'm now unsure if i hit the the mood point of the discussion, but for me is comes down to 'yes your SSL cert is less secure then a EV SSL cert, and firefox mentions exactly the difference between the two. However this is not necessary a problem.'
pps. IE 7 also adds a huge question mark to the security pop-up when you click it on a normal https site, only on a site that also provide identity information the adress bar becomes green and a correct sign is added to the image in the pop-up.
(dutch text)
