
I don't understand this error (I get it too). Why doesn't Chrome allow you as a user to understand the security risk and bypass it? Firefox and Safari let me at least continue.

http://cl.ly/image/2c1I0U2o3t0I



Because most users will make a bad decision and continue to condition themselves to ignore security warnings. If, instead, a critical mass of users can't use a website at all, the site owner actually has to fix the problem.

I noticed that you said you "don't understand the error" yet you wanted to bypass it. This line of thinking is exactly the problem. I don't mean that in a condescending way. Disabling the last line of defense as a matter of routine is resulting in more and more attacks, so Google wants to move the problem to where it should be - the misconfigured website.

The short version is that during a previous visit to that site, it sent an HSTS HTTP header, which is really the only protection there is against SSL stripping attacks. Basically, it tells your browser, "My site will ALWAYS be SSL (and valid SSL) - if I ever tell you otherwise, it's not me, so do not communicate."

HSTS is relatively new, so browsers are handling it a bit differently and you don't see it often. A broken SSL chain on a site that did not give you HSTS would still allow you to ignore it.
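To make the mechanism in the comment above concrete, here is a toy model of a browser's HSTS policy store. It is an added example, not code from the thread or from any browser: it parses a `Strict-Transport-Security` header, records the policy only when it arrived over valid HTTPS (as RFC 6797 requires), upgrades later `http://` navigations to `https://`, honours `includeSubDomains` and `max-age` expiry, and reports whether a certificate error on a host may be clicked through (never for a known HSTS host). Host names such as `example.test` and the injectable `clock` are assumptions for the example.

```python
"""Toy model of a browser's HSTS policy store (added example, not browser code)."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsPolicy:
    expires_at: float          # absolute time after which the policy lapses
    include_subdomains: bool   # whether subdomains are covered too


def parse_hsts_header(value: str) -> Optional[dict]:
    """Parse Strict-Transport-Security directives; return None if malformed."""
    max_age = None
    include_sub = False
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name == "max-age":
            if not val.isdigit():
                return None            # unparsable max-age: ignore the whole header
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None                    # max-age is mandatory
    return {"max_age": max_age, "include_subdomains": include_sub}


class HstsStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._policies: Dict[str, HstsPolicy] = {}
        self._clock = clock            # injectable so expiry can be tested

    def observe_response(self, url: str, headers: Dict[str, str], cert_valid: bool) -> None:
        """Record a policy only if it was delivered over HTTPS with a valid certificate."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not cert_valid:
            return                     # header over plain HTTP or a broken chain is ignored
        value = headers.get("Strict-Transport-Security")
        if value is None:
            return
        parsed = parse_hsts_header(value)
        if parsed is None or parts.hostname is None:
            return
        host = parts.hostname.lower()
        if parsed["max_age"] == 0:
            self._policies.pop(host, None)   # max-age=0 withdraws the policy
            return
        self._policies[host] = HstsPolicy(
            expires_at=self._clock() + parsed["max_age"],
            include_subdomains=parsed["include_subdomains"],
        )

    def is_known_host(self, host: str) -> bool:
        """True if host, or a parent domain with includeSubDomains, has an unexpired policy."""
        host = host.lower()
        now = self._clock()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None or policy.expires_at <= now:
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def rewrite_navigation(self, url: str) -> str:
        """Upgrade an http:// URL to https:// for a known host (port 80 becomes 443)."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known_host(parts.hostname):
            netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url

    def cert_error_bypassable(self, host: str) -> bool:
        """A certificate error on a known HSTS host is a hard failure with no click-through."""
        return not self.is_known_host(host)
```

The last method is the answer to the question that opened the thread: once a host is in the store, a certificate problem is treated as "this is not the site I was told to expect", and the only way out is for the site to fix its chain or let the policy expire.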


>I don't understand this error

Is it typical for front-enders in Rails to not know web security / SSL?


I meant I don't understand why Chrome forces this error with no bypass.

Do we really need to be sniping?


Sorry if I offended, I was legitimately curious.


Ah, no worries.

Yep, Rails people have to understand and deal with SSL issues just like everyone else :)



