I realized that you load a resource in your website that isn't secure, such as Google Ads, it will no longer display the lock at the top right of Safari. Why would this be true? Google ads is always insecure, there is no way to use https with it. I think that if the site is verified, it should display the lock and if it's self signed, it wouldn't. That'll allow people who don't have money to pay for a certificate to have security and not annoy the customer with the this is a self signed certificate thing. This will prevent things like firesheep and so on.