Yeah, I'd like to know more about what happens when users try to publish using the secure URL...it's better to fix that problem. Perhaps an issue with missing trusted entries in the config?
When users hit a viz at http://company.server.intranet.com/, are they redirected to a secure link automatically? Can anyone outside of your corporate VPN access your Tableau Server? If they can, then yes, an unencrypted connection is a big problem. Within a VPN it's less so, but still not great, as internal users could still see all the traffic to and from Server, intercept it, and access data or information they shouldn't be able to.
I agree, this does need to be addressed. I'm planning to after a 2019 upgrade.
Users are not redirected to the secure URL. Using the server URL is still possible even though we tell them not to. I'm really weak on the whole reverse proxy stuff and getting internal help with this is so maddening that I've given up for the time being. Naturally we are using this but how it all works isn't clear to me so I can only make setting changes according to what the other team has told me to use.
Nobody outside our VPN can access our TS.