I am not available to my PC these days, but I know already that YouTube code needs a fix, possibly Vimeo too.
If you look at the YouTube embedding code on their website (that one standin in the Embed section) you will see they don't have http or https provided in their code at all. For a long time I was thinking this is kind of bug, but your case now exactly shows it is not. You just need to put their embedding code like it is provided, ie starting with // by default. Then it should work for all domains disregarding their security layer.
I will fix it as soon as I am back. Thanks for reminding...
(P.S. Fixed now