Security issues with iframe HTTPS on HTTPS page
There are no associated privacy implications when connecting compared to a regular HTTPS page, but keep in mind that you are doubling the number of servers and possibly companies involved.
Browser exploitation, pop-ups, and adware may be served in HTTPS mode, and visiting an HTTPS site that is outside your control could breach user privacy if the HTTPS URL reveals personal information about one of your users - for example, if you serve https://www.example.com/redir.php?url= + CURRENT_URL and you are logged in with a GET postback with the username and password in the url, you can expose this to third party sites.
Plus, there is no problem with embedding third-party HTTPS sites in your own HTTPS pages.
source to share