It wouldn't keep browsers from complaining about that because plenty of people just link external avatars anyway. We'd need to have SMF copy external avatars so they can be hosted over HTTPS, and I'm not sure if that work is entirely worth it given it's only GET requests for images. Browsers can be so touchy.
Edit: Actually, fixing the built-in ones is probably indeed worthwhile as the cookie for the forum will be sent to such URLs. I didn't realise those were HTTP, given we force SMF to be served only over HTTPS. Thanks for raising this, it's time to go garbage diving in SMF code again.