diff -r 7ca74741259f mercurial/commands.py
--- a/mercurial/commands.py	Tue Jun 10 12:11:06 2008 -0500
+++ b/mercurial/commands.py	Thu Jun 12 18:03:41 2008 +0200
@@ -2068,6 +2068,11 @@
           Compression yes
       Alternatively specify "ssh -C" as your ssh command in your hgrc or
       with the --ssh command line option.
+
+    A warning about HTTPS and Mercurial:
+      The implementation of HTTPS in Mercurial does not check server 
+      certificates. It is therefore vulnerable to man in the middle
+      attacks. If you rely on security use SSH.
     """
     source, revs, checkout = hg.parseurl(ui.expandpath(source), opts['rev'])
     cmdutil.setremoteconfig(ui, opts)
diff -r 7ca74741259f mercurial/httprepo.py
--- a/mercurial/httprepo.py	Tue Jun 10 12:11:06 2008 -0500
+++ b/mercurial/httprepo.py	Thu Jun 12 18:03:41 2008 +0200
@@ -206,6 +206,10 @@
         if has_https:
             handlers.append(httpshandler())
 
+        #Warn about insecure https implementation
+        if scheme.lower() == 'https':
+            self.ui.write(_('using https insecurely\n'))
+
         if proxyurl:
             # proxy can be proper url or host[:port]
             if not (proxyurl.startswith('http:') or
@@ -213,6 +217,8 @@
                 proxyurl = 'http://' + proxyurl + '/'
             snpqf = urlparse.urlsplit(proxyurl)
             proxyscheme, proxynetloc, proxypath, proxyquery, proxyfrag = snpqf
+            if proxyscheme = 'https':
+                self.ui.write(_('using https-proxy insecurely\n'))
             hpup = netlocsplit(proxynetloc)
 
             proxyhost, proxyport, proxyuser, proxypasswd = hpup