Personally this test for 'bare minimum browser security' fails for avast users as it suggests using HTTPS Everywhere, which effectively lowers your protection in avast as the web shield doesn't monitor https traffic. So I feel https should never be forced and only used when the page/link is genuinely meant to be https.
I also don't see a healthy dose of common sense and scepticism on the part of the user.