This test loads a secure iframe that loads an insecure iframe. We should *not* get a mixed content callback becase the main frame is HTTP and the grandchild iframe doesn't contaminate the child iframe's security origin with mixed content.