It's pretty much all in the subject. The UI doesn't seem to get generated in read private messages, so the only way to access them is with scripting (e.g., DOM/JavaScript debugger or console).

This seems to work as a workaround if you have access to a JavaScript console (I'm not familiar with PrototypeJS so I don't know the best way):

$$('.spoiler').style.display = "block";

Additionally, I have added a hack to acc.js that does this automatically for you (until ML gets around to fixing it, if he declares it a bug).

It's not a bug, it's a feature!

And I want to add that now it tells me all the time that the page I'm about to visit has insecure content... And I'm sure that didn't happen before.

Haven't you realised that there are no bugs in allegro.cc, it's either your browser's fault or it is working as designed.

That is the same I say to my employers and even though I still getting fire...

That is likely the result of icons or other similar resources being delivered over plain HTTP instead of HTTPS. As long as the requests don't contain sensitive information it should be harmless to fetch these resources over an unencrypted connection.

Most browsers typically warn you the first time this ever happens anywhere, but by default don't warn you again unless you tell them to. You might have configured your browser to warn you every time this happens. There's nothing particularly wrong with that, and I think that ideally everything should be encrypted, but I suppose the encrypted connection adds overhead that might weigh into the host's bottom line.

In any case, you can probably trust that allegro.cc is working sufficiently securely. If anything it's annoying that browsers consider this condition all or nothing. They should allow you to configure whitelists so you can say, "I trust allegro.cc to encrypt what it should, but warn me if any other host mixes HTTP and HTTPS." I don't think that any browser that I'm familiar with can do this currently, but then I normally just accept the default "don't warm me again" and only see it the first time I encounter it with a new browser profile...