I'll ask the Writers where we keep our style guide. The Microsoft Manual of Style is somewhat ambiguous here and other public style guides give contradictory advice:

https://www.google.com/search?q=title+case+hyphenated+words&oq=title+case+hy&aqs=chrome.1.69i57j0l3.5816j0j4&sourceid=chrome-mobile&ie=UTF-8#xxri=18

A quick review of other strings in the Security panel and other places shows that Dev Tools uses Title Case for titles:

Security Overview
Valid Certificate
Secure Connection
Secure Resources

So yes, I agree that the string in question should use title case, too: 
Non-Secure Form

A few notes:
1) Google UX writing style guide is at go/material-ux-writing

2) When something isn't defined in our own UX writing style guide, we follow AP (Associated Press) style (with one notable exception: serial commas). Rules for capitalization will vary depending on the style manual. 

3) Title Case for titles diverges from Google UX sentence-case style. But capitalization style rarely causes comprehension issues. Generally, for legacy UI, we leave it as is, as long as the style is consistent.

4) In reviewing the Dev Tools UX for this bug, I noticed a few places where the use of title case is not correct, and it does look strange. See Audits panel. Would it be feasible for me to sit w/an engineer at some point, run through the screens, and just fix these little nits quickly? :)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5553b9f830b3f917d2500762a9455cb1f28dd0b1

commit 5553b9f830b3f917d2500762a9455cb1f28dd0b1
Author: elawrence <elawrence@chromium.org>
Date: Sat May 20 13:38:22 2017

DevTools: Convert Security Panel to Sentence case

Replace use of Title Case in the Developer Tools' Security Panel to use sentence case, matching Chrome text standards.

BUG= 721176 

Review-Url: https://codereview.chromium.org/2881513003
Cr-Commit-Position: refs/heads/master@{#473435}

[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/components/security_state/content/content_utils.cc
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/components/security_state/content/content_utils_unittest.cc
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/components/security_state_strings.grdp
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/blank-origins-not-shown-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/failed-request-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/interstitial-sidebar-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/main-origin-assigned-despite-request-missing-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/mixed-content-active-and-passive-reload-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/mixed-content-and-subresources-with-cert-errors-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/mixed-content-reload-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/mixed-form-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/origin-view-then-interstitial-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-all-resources-secure-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-blocked-mixed-content-and-malicious-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-blocked-mixed-content-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-details-updated-with-security-state-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-explanation-ordering-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-secure-but-malicious-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-unknown-resource-expected.txt
[modify] https://crrev.com/5553b9f830b3f917d2500762a9455cb1f28dd0b1/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js

Tested this issue on Windows 7,Mac 10.12.4 & Ubuntu 14.04 using chrome dev #60.0.3107.4 as per comment#3.
Observed below in the Security panel of Dev tools.
---------------------------------------------------
Security overview 
Valid certificate
Secure connection
Secure resources

Still observed inconsistent capitalization as above(second word starting letter displayed in lowercase instead of Uppercase)which is not as intended in comment#3.

elawrence@,Could you please the fix on the same.
Thanks in advance..!!

Screen cast attached:

Deleted: 721176.mp4 917 KB

	721176.mp4 917 KB View Download

Apologies, the bug was not kept updated. The bug was changed to cover making all text Sentence capitalized in this panel.