Google Toolbar is a Security Leak!

OK, I like many people have the Google Toolbar installed on my browser(s). One of the options on the toolbar is the PageRank button. If you've not used it, it's a really cool button that shows you Google's PageRank for the page you're currently viewing.

It's a simple enough implementation, for each page you visit the toolbar makes a request to Google's servers ( specifically) and looks up the page rank information on that page. The request is a simple GET request, included in the request is the current URL. The response is a simple text string showing the page rank. For example, if I visit I get back "Rank_1:1:6" in the response.

This is all well and good, except for one major problem. These toolbar queries are always sent as HTTP not HTTPS requests. That's not that bad a thing if you're checking or CNN, but if you happen to be browsing a secure site, your URLs are still being sent in the clear to Google! Not only that, but all your intranet URLs are sent to Google too, since Google tries to find the pagerank for every page you visit.

I'd like to find, but haven't yet, a header, metatag, or something similar that the web developer / site admin can add to their site to tell Google Toolbar that this page isn't going to have a pagerank and shouldn't be sent back to Google. I'd also like to see the toolbar updated to either not send HTTPS URLs back at all, or at least send them as HTTPS requests so they're encrypted on the wire.