The iframe which is written in Calendar.prototype.show (DatePicker.js) has no src attribute - unfortunately, IE seems to interpret this as an insecure url and shows the 'This page contains secure and insecure items...' popup.
about:blank does not work either ('about' appears to be an insecure prefix for IE).
It needs a relative url to a page, e.g. src="blank.html". If the page does not exist, presumably the server will return a 404 result code, but this is a very minor annoyance compared with the popup warning.