Currently the Safe Browsing code has to jump through a few hoops to avoid setting the "keyUrl" used by the backend's key manager. It does this because apparently just the act of setting the URL results in a key being fetched from the URL, which would be unwanted if the user has disabled Safe Browsing. This really ought to all be handled behind the scenes... We should be able to set the URL without triggering a fetch. Rather, the fetch should just be triggered on-demand if it's not available when an update is performed.
This will be fixed by the HTTPS switch, which does away with all the key-juggling.