https://codereview.chromium.org/2067933002 adds the ability to warn the user when the proxy server that the user is authenticating with is insecure and may be spoofed.

It's using the same UI string used for warning about insecure servers and has the word "Server" in it. We should consider adding a new string for insecure proxies and perhaps reword both of them to indicate that not only can the passwords be sniffed by an attacker, Chrome also doesn't know if the endpoint is who it claims to be.