lammert - 3:15 pm on Dec 15, 2010 (gmt 0)
I have seen it happen with high profile sites. It often happens if the secure part of the site is moved to another (sub)domain without the webmaster thinking twice or testing it. Sometimes it is because the certificate expired, or the website owner installed a home-signed certificate, instead of one from an authority.
Given how easy the installation of certifcates is (most certificate issuers provide step by step instructions for installing them) and how cheap they are; not buying, installing and testing a proper certificate for a site is a big red flag IMO.