Another security feature added is the blocking of downloading files from URLs that are on lists of potentially dangerous content.
Yeah, I'm not sure blocking HTTP downloads by default is a good idea, I mean many offices probably have some internal legacy HTTP only sites that nobody dares to touch, that are perfectly safe being HTTP (if you have hackers inside your network a simple intranet site spoofing is your least problem), and disabling this security option might have a lot of wider repercussions
Edge has started doing that too, whenever I download something from my Home Assistant instance while at home I have to rightclick and say that I really want to download it.
As long as such an option is available its not too bad.
It's not just about that, people will be disabling the feature that is potentially beneficial to their security, disabling http downloads from http sites is just an extension of blocking http downloads from https sites