phranque - 1:30 pm on Mar 24, 2013 (gmt 0)
That makes it sound as if they expect separate robots.txt files for http and https, even if they belong to the same domain. But what are you supposed to do, rewrite to different robots.txt files depending on the robot's protocol? You might be able to do this on a brand-new site: Here are the rules for http, here are the ones for https. You can't really change at this point, though.
that means the secure server may be (and often should be) on a different subdomain and technically could easily be on a separate server or even a separate hosting service, so don't expect http://example.com/robots.txt to speak for the exclusions you intended for https://secure.example.com/ - even if they are the identical rules.
keep in mind the secure server and the non-secure server are distinct servers even if they happen use the same document root directory.
if in your specific implementation, the requests for http://example.com/robots.txt and https://example.com/robots.txt happen to serve the same file and that's sufficient for your requirements for both servers, then you're good to go.