Yes if your are on a secure page then side resources should be loaded with the secure protocol.
With PHP you can detect the secure port for instance getenv('SERVER_PORT') == '443' and include the http or https accordingly.
With js could check the window.location.protocol if it's https
For loading times depends what the tracker does. You can use client side triggering so js can do an ajax request to track something which can happen after the whole page is loaded. Or you can use the server script when the request is made and then customize the piwik to process it that way directly from your php. But by default the piwik triggers with client scripts.