Firefox added a warning to indicate when a user is interacting with a username or password input field on a page served over HTTP. In the current release of Tor Browser, 7.0.1, this is enabled.
Unfortunately, this means that currently on the source interface (for the SecureDrop instances that don't use HTTPS on the source interface), a warning appears:

Similarly on the journalist interface:

This warning is intrusive (by design) and may scare away sources from submitting. The best solution here is to start using HTTPS for both the source and journalist interfaces (relevant: #1605 for the source interface). If there's another viable solution here (i.e. one that does not train users to click through security warnings), feel free to comment.
I'm going to file a bug upstream to see if Tor will remove this feature for .onion sites.
Already being tracked in https://trac.torproject.org/projects/tor/ticket/21321 .
Looks like the Tor Trac ticket was given priority for resolution and labeled for July. Maybe we'll see it in one of the upcoming 7.0.X point releases in the next couple of months?
Looks like a PR was posted in the upstream issue earlier today; fingers crossed that this will be fixed in an upstream release of Tor Browser soon!
I just discussed this issue with @redshiftzero. We agreed that it is challenging to address for a number of reasons.
We do not have a mechanism for receiving feedback from the anonymous sources who use SecureDrop, so it is difficult to gauge the potential impact of these warnings on end users; however, from our own recent encounters with the warnings from doing QA for SecureDrop 0.4, as well as reports from journalists who use SecureDrop, we have reason to believe these warnings are creating confusion and uncertainty for end users.
Since these warnings were introduced upstream in Tor Browser, we cannot directly resolve this issue. The currently available mitigation strategies are:
We agreed that it may be worthwhile to implement 4 while waiting for 1.
This issue has been resolved. See https://trac.torproject.org/projects/tor/ticket/21321
Thanks for the heads-up, @mrphs! I've confirmed this issue is fixed for SecureDrop in Tor Browser 7.0.5.
Hopefully TB 7.0.5 will be included in the next stable version of Tails, which will fix this issue for all categories of SecureDrop end users.
Tor Browser 7.0.4 fixed this issue, which was included in the latest version of Tails (Tails 3.1), so closing.
Most helpful comment
Looks like the Tor Trac ticket was given priority for resolution and labeled for July. Maybe we'll see it in one of the upcoming 7.0.X point releases in the next couple of months?