currently, the protocol used to make requests to ArcGIS Online's World Geocoding Service is inherited from what is used in your own application (ie: if you host over https, as will be required by Chrome 50 to leverage HTML5 Geolocation, geocoding requests will be encrypted too).
that being said, if i'm understanding your suggestion correctly, it would be trivial (and probably helpful) for us to just hardcode https as the protocol instead of inheriting from the application.
relevant source code is here.