Yes - but it's *just* as important to link to non secure pages from the secure area. SSL pages are encrypted. This means before sending the data the browser uses the public key to encrypt the data before sending, and the server does the same thing in responding. So SSL pages are notoriously slow. In your template for the secure area, be sure to link back to [any_page...]
Any page that would potentially reveal sensitive information. One misunderstanding people seem to have is that you only need to submit to a secure URL, leaving their payment forms on non-SSL. This couldn't be more false. See above,
So if you have a form with credit card info to submit, the URL better start with https or you will be sending that data as clear text.
Login areas - follow other models. Link a page to "log in securely," unless every login leads to information that is sensitive in some way. Log in to a bank account, or some area that allows you to view and change personal details? Definitely. Log in to a forum? Nah.
Recent discussion [webmasterworld.com]. You decide.
Well, you should **not** allow anyone to get to a page that needs to be secure via non-secure http. This can be done with a simple redirect using mod_rewrite. Any request for a secure area that does not start with https gets redirected to https. So that takes care of that. :-) More info in the Apache forum.