As per what you linked 'where "secure" is defined by the user agent'. In this case apple have decided that even though TLS is established - its not a secure channel - because the identity of the server was never verified.

I am actually surprised other browsers still send the cookie.... I don't think they will continue to do this long term. It would make users who are being manned in the middle, and skip the warnings, vulnerable.