This article was written specifically about using iframes but applies equally to any content delivered over http: which is accessed via a Google Site
For security reasons in the latest version of most modern browsers, http iframes no longer load in https pages by default.
What this means is that if you have a page delivered by https: containing an iframe that references an http: page, that iframe will appear blank and a 'shield' icon will appear in the browser bar (varies by browser).
This affects 'unmapped' Google Sites because all sites from the domain sites.google.com will always be delivered using https:
There are several workarounds are available: