Loading a non-secure image in the onunload event causes a subsequent secure page to appear non-secure due to mixed content. I've seen this in the wild on an accommodation booking page using google maps (which tracks usage by loading a tracking image in the unload event), where it's a rather major issue, as Firefox 3.5 users get scared away from completing the booking due to the booking page appearing insecure. This regressed between 20080901020950 and 20080902020535 and is thus almost certainly a regression from bug 135007. See the attached testcase. CC-ing some people and setting flags.
Of course there's already a bug about this blocking bug 135007.... ;)
Oh, meh. Should've looked further before filing. Sorry.