Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing geolocation from insecure contexts. Geolocation is a powerful feature that allows access to the user's precise location, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.
Docs: Part of the larger effort to remove powerful features on insecure origins: https://chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins blink-dev discussion and API owner approval: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ylz0Zoph76A/C1VNAhJ8BQAJ