Traditionally, browsers have run the mixed script, genuine or not, and notified you after-the-fact by a broken lock icon, a dialog box, or a red https:// in the location bar (in the case of Google Chrome). The problem with this approach is that by the time the script has run, it is already too late, because the script has had access to all of the data on the page. Google Chrome now protects you by refusing up-front to run any script on a secure page unless it is also being delivered over HTTPS.
You can bypass this feature by clicking "Load anyway" in the infobar displayed at the top of the page, but Chrome doesn't remember your preference. Unfortunately, you can't whitelist a domain or a subdomain, so you'll have to click "Load anyway" and wait until the page is reloaded. There's a command-line flag that lets you disable this feature: --allow-running-insecure-content, but Google says that it should only be used by "users and admins who have internal applications without immediate fixes for these errors".
Chrome has recently added many other security features, including a function for generating strong random numbers, a way to force HTTPS for any domain you want, an initial implementation of Content Security Policy that helps protect against Cross Site Scripting and a more secure Gmail that uses HTTPS for all connections, even when you type "gmail.com" in the address bar.