I was playing about with ssl strip against an ie8 target, just for learning more about it. To my surprise I was able to capture the credentials of the ie8 victim when signing into Google accounts.
I can understand that ie8 doesn't support something like HSTS, but what I don't understand is why Google are even offering a HTTP version of the login form? Surely they should just redirect any request for this page to HTTPS with a redirect rule in the server itself and the problem would be solved regardless of the browser the user is using.