My users are antsy about this fix so I went in and started hacking away. This change is not perfect, but it solves the problem for now (i.e., the warning went away). The new problem is that the picture URL is always using the SSL version, even if it's not on the checkout pages.
Dev team: can you please consider including a fix in the next release?
Line Number: 290
url = CommonHelper.GetStoreLocation(false+ "images/thumbs/" + localFilename;
url = CommonHelper.GetStoreLocation(SettingManager.GetSettingValueBoolean("Common.UseSSL")) + "images/thumbs/" + localFilename;