Currently YouTube doesn’t offer an option of embedding its videos via HTTPS, so if you try to add a video to a secure page browsers will display a security warning. If you use swfobject.js instead of the code provided by YouTube (as you should!), you’ll find the security warning goes away … in some browsers; IE is fooled and doesn’t display a warning, while FireFox will still show its little red exclamation mark in the status bar indicating that not all elements on the page are secure:
The same issue occurs in Opera, as well as Flock and other Mozilla browsers.
And obviously, since swfobject is a JavaScript file, if JavaScript is disabled in the browser the only option for showing the video is a plain ol’ Flash object inside noscript tags, and in that case the security warning is displayed for all browsers.
The workaround I came up with is to upload a SWF to the secure site that acts as a proxy and loads the YouTube video (since Flash has its own security model, it doesn’t matter that the video is not served via HTTPS).