Well, testing current behavior, using an unsigned certificated on another domain
Standard HTML shows it as a broken image, which can be clicked through to see the certificate warning
Xenforo proxy pulls the image regardless of the certificate
Hmm. I'd like to encourage users to use sites with proper SSL certificates, but it's ease of use thing, isn't it.
I think it would be valid if Xenforo's proxy script were to serve a 301 header - instead of an image - if it were to detect the image were being served with a valid certificate. Probably a new column in an appropriate table, but the potential for fewer images in local cache.
The proxy is not solely for HTTPS reasons, though that was the main/initial motivation. It can also prevent external servers from getting any information from your visitors (number of times the image is loaded, IP/browser info, etc), prevent them from setting cookies (not on your domain, but something along the cookie stuffing line), and smooth out issues if the external server is flaky. These are all independent of how the image is served (and why using the proxy can be useful on a HTTP site).
As such, you'd need a modification to change the behavior of the proxy system.