Well that is an assumption on my part and not a certainty, as I don't know if it effectively being wrapped up in the parent HTTPS connection, it might get past the web shield. So that would have to be something answered by the developers.
As for the network shield, I don't believe it matters about the connection method/protocol as it is basically looking at the domain name. So hopefully that would give some limited protection.
Firefox is a little clearer in its warning about mixed content (as is IE8 and most likely IE9), which by default should be enabled.
If the capture and transmission of the data require scripts or cross site scripting then NoScript and RequestPolicy (don't know about BetterPrivacy) could well help in blocking that capture/transmission.