Scenario goes like this: Main parts of web site is on one server. All traffic goes over https. I have no control ovet this server.
Themes use css files and images from another server. Also over https. I have full control over this server.
How vulnerable is the main site (how and why) if css files and images would go over http? I am asking only about css and images.
I don't know how relevant is, but server is Apache and language is PHP.
---------------- edit ------------
So far, there is 'a man in the middle' attack who can change css and thus hide my content, introduce new images and add more text.
But can not create live links, or add js...
Here is a good discussion about this topic started by symcbean.