While checking my coverage for my Mac serial number, I found mixed contents! in CheckCoverage page.
The main page:
Chrome shows "Insecure content Blocked" and with an option to "Load Unsafe scripts" icon in the address bar.
Entering any valid/invalid serial number will show the insecure warning in Chrome with the option to load Unsafe scripts.
In terms of security it is trivial and a favicon loading from non-HTTPS won't cause any security issues, but:
First: It is not professional.
Second: Which is the important, end-user will think Apple website is not secure or some will think their computers/devices hacked (How could Apple website is insecure? 🤔), yes I have heard and asked for this about mixed contents darn thing many times before from clients while working in sysadmin and tech support.
And what If an end-user is curious enough to load it, and did, it will show the website is Not Secure!.
They will see:
Welcome to the "Not Secure" Apple Website"
By the way, the serial shown here found by Googling! https://www.google.com/search?q=mac+serial+example