Security is important.
But sometimes it’s important, too, to be productive, for example during work hours.
Maybe at a trusted customer site with a restrictive security policy to intercept all HTTPs-Traffic using a customer-provided certificate which never fits to the visited web-sites.
Most of my technical research jobs using Google aren’t secret, otherwise I won’t pass them to Google, so HSTS for at least Google-Sites doesn’t makes sense in these cases.
Google knows that and invented the no-HSTS-Switch:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors