On my SilverStripe web site, we have it secured. When I use HTML for a weather widget and insert it into my web site, since it is secured I get a warning:
"Do you want to view the web page content that was delivered securely?"
(This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire web page.)
The visitor has to select NO, in order to bypass the message and see the weather widget.
If they say yes, it does not show the widget.
Either way, this is annoying for the visitor to have to click yes or no.
To avoid the pop up box you need to ensure all information served on the page is https and https from the one site. This means all the css files, images everything sent by the server has to be https. One single http reference will force this message to appear.
I am assuming your widget pulls in a feed from a third party. Your outside widget wont work without the message box appearing if its from another site. All traffic for https has to be from your one site.