Another security feature added is the blocking of downloading files from URLs that are on lists of potentially dangerous content.
Yeah, I'm not sure blocking HTTP downloads by default is a good idea, I mean many offices probably have some internal legacy HTTP only sites that nobody dares to touch, that are perfectly safe being HTTP (if you have hackers inside your network a simple intranet site spoofing is your least problem), and disabling this security option might have a lot of wider repercussions
Yeah, I'm not sure blocking HTTP downloads by default is a good idea, I mean many offices probably have some internal legacy HTTP only sites that nobody dares to touch, that are perfectly safe being HTTP (if you have hackers inside your network a simple intranet site spoofing is your least problem), and disabling this security option might have a lot of wider repercussions
I get it, but you're arguing in favour of negligent IT. If nobody dares to touch something, it is a liability.