- Bug
- Resolution: Fixed
- Minor
- 2.4.1
- MOODLE_24_STABLE
- MOODLE_24_STABLE
- w03_MDL-37593_m25_httpslogineditor
When editing a user's profile with "HTTPS security" enabled, the TinyMCE editor JavaScript is linked with a plain http link.
That is a problem for the default display behavior in Chrome, as it ignores non-https links in SSL-secured pages and only shows a small shield icon in the URL bar, which can be easily overlooked.
This might also be a security issue in other browsers, as non-secured JavaScript can change any part of the secured page and/or steal user data.
Tested with 2.4.1 and the https://github.com/rajeshtaneja/moodle/compare/MOODLE_24_STABLE...wip-mdl-36674-m24 patch, which actually enables profile editing with "HTTPS security" enabled.
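The condition reported above can be checked for in rendered HTML. The following is an added example, not part of the original report or of Moodle's code; the host name, paths, sample markup and the function name `findMixedContent` are constructed for illustration. It lists sub-resources that an HTTPS page would fetch over plain HTTP, separating active content (scripts, frames, stylesheets) from passive content (images, media).

```javascript
// Simplified element/attribute table; not the full W3C Mixed Content list.
const ACTIVE = { script: 'src', iframe: 'src', link: 'href', object: 'data' };
const PASSIVE = { img: 'src', audio: 'src', video: 'src' };

// Constructed sample page body (hypothetical host and paths).
const SAMPLE = `
<link rel="stylesheet" href="/theme/styles.css">
<link rel="canonical" href="http://moodle.example.test/user/edit.php">
<script src="http://moodle.example.test/editor/editor.js"></script>
<script src="//moodle.example.test/lib/javascript.js"></script>
<img data-src="x" src='http://moodle.example.test/pix/logo.png'>
<a href="http://moodle.example.test/">home</a>`;

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // only secure pages can have mixed content
  const findings = [];
  // Regex scan is enough for a lint pass; it does not handle '>' inside attribute values.
  const tagRe = /<(script|iframe|link|object|img|audio|video)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    // <link> only loads a sub-resource we care about when it is a stylesheet.
    if (tag === 'link' && !/\brel\s*=\s*["']?[^"'>]*stylesheet/i.test(attrs)) continue;
    const attr = ACTIVE[tag] || PASSIVE[tag];
    const attrRe = new RegExp(
      '(?:^|\\s)' + attr + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
    const a = attrRe.exec(attrs);
    if (!a) continue;
    const raw = (a[1] ?? a[2] ?? a[3]).trim();
    let resolved;
    try {
      // Relative and protocol-relative URLs inherit https from the page.
      resolved = new URL(raw, page);
    } catch {
      continue; // unparseable URL: nothing to fetch
    }
    if (resolved.protocol !== 'http:') continue;
    findings.push({ tag, url: resolved.href, kind: tag in ACTIVE ? 'active' : 'passive' });
  }
  return findings;
}

console.log(findMixedContent('https://moodle.example.test/user/edit.php', SAMPLE));
```
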