Since we want users to expect to see a green lock in the URL bar, should we really be showing the "not secure" warning for internal chrome:// URLs?  

AFAIK There's no real insecurity there (no snooping possible) so perhaps they should be marked secure like https?

A user mentions that "chrome settings page is not secure" in  issue 682291 .