The prevailing practice is to hold your product pages non-SSL (http://). The trail from checkout to the "Thank You for the order" page you put on your SSL (https://) site. You should also make those pages "noin dex, nofollow" for the search engines (in the meta tags or in the robots.txt).
The main reason is the cost (performance) for your webserver and the browser to encrypt the pages.
K<o>
|