ok https is gonna cause issues with the tickers, since svk doesn't has an https api server yet!
That isn't all:
Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure resource 'http://code.highcharts.com/stock/highstock.js'. This request has been blocked; the content must be served over HTTPS.
bitshares.org/:1 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure resource 'http://code.highcharts.com/stock/modules/exporting.js'. This request has been blocked; the content must be served over HTTPS.
bitshares.org/:1 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto:700,400,300,200,100'. This request has been blocked; the content must be served over HTTPS.
(index):152 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure script 'http://faucet.bitshares.org/widgets/1/w.js?ref='. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure script 'http://code.highcharts.com/stock/highstock.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure script 'http://code.highcharts.com/stock/modules/exporting.js'. This request has been blocked; the content must be served over HTTPS.
jquery.js:8693 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure script 'http://api.bitsharesblocks.com/v1/cmc?callback=jQuery21305609141846653074_1422953063792&format=json&_=1422953063793'. This request has been blocked; the content must be served over HTTPS.
jquery.js:8625 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://coinmarketcap-nexuist.rhcloud.com/api/bts?format=json'. This request has been blocked; the content must be served over HTTPS.
app.js:80 Object {readyState: 4, getResponseHeader: function, getAllResponseHeaders: function, setRequestHeader: function, overrideMimeType: function…}
jquery.js:8693 Mixed Content: The page at 'https://bitshares.org/' was loaded over HTTPS, but requested an insecure script 'http://api.bitsharesblocks.com/v3/pricehistory/USD/%7B%22start%22:%222015-0…0Z%22%7D?callback=jQuery21305609141846653074_1422953063792&_=1422953063794'. This request has been blocked; the content must be served over HTTPS.
First, you can use HTTPS with code.highcharts.com and fonts.googleapis.com and coinmarketcap-nexuist.rhcloud.com. Then that just leaves faucet.bitshares.org and api.bitsharesblocks.com.
Also, why are we not hosting the various javascript scripts that we are using ourselves rather than linking to other sites (even if it's over HTTPS) to provide them, such as highcharts, jquery, google, facebook, to name a few (not to mention others from hosts I know nothing about and don't personally trust).
And, rather than using JSONP to get data from api.bitsharesblocks.com, I would prefer if svk could enable
CORS on api.bitsharesblocks.com for at least the bitshares.org origin (but he might as well do it for * so that anyone can use that data without JSONP).