kaled - 2:59 pm on Nov 16, 2009 (gmt 0) Perhaps I am missing something! Kaled.
This is not a subject I have ever considered, however, wouldn't this be unnecessary if browsers refused to display framed contents in a secure page unless the security certificate matched that of the parent frame (and ajax was similarly blocked). I guess the reverse would also have to be blocked (i.e. displaying a secure page within a standard page).
Perhaps I am missing something!