I'll just clarify this a little clearer: The HTTP requests from the forum's HTTPS is only a minor "threat" to the user's web browser. It's only an issue if the HTTP request was hijacked (highly unlikely) in a man-in-the-middle attack and the wrong (malicious) image was retrieved in your browser. The forum automatically downloads an externally linked image to prevent a dead link later.
Then as we know, once the forum has its own copy, the image is retrieved by via HTTPS. The system did that to one of my posts the other day.
We're talking about images here -- the link "blocks" probably apply too, when an image is determined based on the page contents, which may be done and linked over HTTP.