Is there currently a way for checking if the insecure warning overlay is present from Java, or would that require some additional plumbing to native?

I believe it would require additional plumbing.

Checking for the UI is obsolete as of  issue 771223 . However, we should make sure we have a WPT that verifies that the API is not available on insecure contexts.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c3640a1002d9bec39a991fb3b495c7628b80aa28

commit c3640a1002d9bec39a991fb3b495c7628b80aa28
Author: Anna Maria <offenwanger@chromium.org>
Date: Wed Dec 20 18:30:35 2017

Add test for webxr in insecure contexts

Adding WPT for checking that navigator.xr is not available in insecure
contexts.

Bug:  753608 
Change-Id: I6b6ed3c063251179f8baed3cbee1a358cf1d2470
Reviewed-on: https://chromium-review.googlesource.com/834611
Reviewed-by: Brandon Jones <bajones@chromium.org>
Commit-Queue: Anna Offenwanger <offenwanger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#525377}
[add] https://crrev.com/c3640a1002d9bec39a991fb3b495c7628b80aa28/third_party/WebKit/LayoutTests/external/wpt/webxr/OWNERS
[add] https://crrev.com/c3640a1002d9bec39a991fb3b495c7628b80aa28/third_party/WebKit/LayoutTests/external/wpt/webxr/resources/webxr_check.html
[add] https://crrev.com/c3640a1002d9bec39a991fb3b495c7628b80aa28/third_party/WebKit/LayoutTests/external/wpt/webxr/resources/webxr_util.js
[add] https://crrev.com/c3640a1002d9bec39a991fb3b495c7628b80aa28/third_party/WebKit/LayoutTests/external/wpt/webxr/webxr_availability.http.sub.html

Marking this as done since we have some tests now for WebXR.