You are right, Matthew. It does not block. Still, the message is there
for a reason and uploading without SSL increases the exposure. While
my site is in QA, I'm OK just putting up with the warning. I'd need to
tighten up my procedures before going live. Hopefully by then someone
will have posted an MSI.
One could argue that taking an MSI from someone you don't really know
is as risky as not using SSL at all, because they could have modified
the code before building the executable. That's a valid argument. I
wish Google did it and placed it on the App Engine downloads page :-).
Thanks.