Index: src/wp-admin/includes/ajax-actions.php
===================================================================
--- src/wp-admin/includes/ajax-actions.php	(revision 28887)
+++ src/wp-admin/includes/ajax-actions.php	(working copy)
@@ -2534,13 +2534,38 @@
 		wp_send_json_error();
 	}
 
+	$shortcode = $_POST['shortcode'];
+
+	// Admin is ssl and the user pasted non-ssl URL.
+	// Check if the provider supports ssl embeds and use that for the preview.
+	if ( is_ssl() && preg_match( '%^\\[embed\\]http://%i', $shortcode ) ) {
+		require_once( ABSPATH . WPINC . '/class-oembed.php' );
+		$oembed = _wp_oembed_get_object();
+		$attr = array( 'discover' => ( apply_filters( 'embed_oembed_discover', false ) && current_user_can( 'unfiltered_html' ) ) );
+		$ssl_shortcode = preg_replace( '%^\\[embed\\]http://%i', '[embed]https://', $shortcode );
+
+		if ( $oembed->get_provider( $ssl_shortcode, $attr ) ) {
+			$shortcode = $ssl_shortcode;
+		}
+	}
+
 	setup_postdata( $post );
 
 	// If the URL cannot be embedded, return an eror message with wp_send_json_error()
 	add_filter( 'embed_maybe_make_link', '_wpview_embed_error', 20, 2 );
 
-	$parsed = $wp_embed->run_shortcode( $_POST['shortcode'] );
+	$parsed = $wp_embed->run_shortcode( $shortcode );
 	$parsed = do_shortcode( $parsed );
 
+	if ( is_ssl() && ( preg_match( '%<(iframe|script|embed) [^>]*src="http://%', $parsed ) ||
+		preg_match( '%<link [^>]*href="http://%', $parsed ) ) ) {
+		// Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked.
+		$url = str_replace( '[embed]', '', str_replace( '[/embed]', '', $shortcode ) );
+		wp_send_json_error( array(
+			'type' => 'not-ssl',
+			'message' => sprintf( __( 'Preview not available. %s cannot be embedded securely.' ), esc_url( $url ) ),
+		) );
+	}
+
 	wp_send_json_success( $parsed );
 }
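Review bot: `$oembed->get_provider( $ssl_shortcode, $attr )` receives the full `[embed]https://…[/embed]` text rather than a URL, so provider matching, and discovery when the `embed_oembed_discover` filter and `unfiltered_html` allow it, run on a string that still carries the shortcode wrapper. Derive the bare URL once near the top and pass the https form of that instead. The value is also read straight from `$_POST`, which WordPress slashes, so `$shortcode = wp_unslash( $_POST['shortcode'] );` is the safer starting point. Both uses of `%^\\[embed\\]http://%i` match only an attribute-less tag, so `[embed width="…"]http://…` is never upgraded, and the `str_replace` calls leave the `[embed …]` residue in the `$url` shown in the not-ssl message. The mixed-content test is case-sensitive and recognises only double-quoted `src`/`href`, so treat it as a best-effort hint; the enclosing function begins above the hunk, so any earlier validation of the POST field is not visible here.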
Index: src/wp-admin/includes/misc.php
===================================================================
--- src/wp-admin/includes/misc.php	(revision 28887)
+++ src/wp-admin/includes/misc.php	(working copy)
@@ -833,6 +833,7 @@
  */
 function _wpview_embed_error( $output, $url ) {
 	wp_send_json_error( array(
+		'type' => 'not-embeddable',
 		'message' => sprintf( __( '%s failed to embed.' ), esc_url( $url ) ),
 	) );
 }
Index: src/wp-includes/js/mce-view.js
===================================================================
--- src/wp-includes/js/mce-view.js	(revision 28887)
+++ src/wp-includes/js/mce-view.js	(working copy)
@@ -737,7 +737,9 @@
 			} )
 			.fail( function( response ) {
 				if ( response && response.message ) {
-					if ( self.type === 'embed' ) {
+					if ( ( response.type === 'not-embeddable' && self.type === 'embed' ) ||
+						response.type === 'not-ssl' ) {
+
 						self.setError( response.message, 'admin-media' );
 					} else {
 						self.setContent( '<p>' + self.original + '</p>', null, true );
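Review bot: An embed failure that arrives with a `message` but no recognised `type` now falls into the `else` branch and re-renders `self.original` instead of showing the error, because the new condition matches only the two literals `'not-embeddable'` and `'not-ssl'`. Those literals must also stay identical to the `'type'` values sent from ajax-actions.php and misc.php. If untyped errors should still surface for embed views, keep the old test as the catch-all: `if ( self.type === 'embed' || response.type === 'not-ssl' ) {`. If the fallback is intended, a comment such as `// Untyped errors fall back to showing the original text.` above the `else` would make that explicit. The `.fail` callback starts and ends outside the hunk.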
