I don't know how much more load SSL would cause but a good solution would be to just use HTTPS for the login and then redirect back to the HTTP, like Twitter does.
I don't know how much more load SSL would cause but a good solution would be to just use HTTPS for the login and then redirect back to the HTTP, like Twitter does.