One note on user expectations: every browser I know of displays its security padlock icon based on whether the most recent response was delivered securely. They don't tell you anything about whether any forms you're about to submit will be submitted securely or not.
So if your login page is delivered by an insecure server, but it submits the form to a secure server (which is fine from the perspective of actual security), the security icon will be off, and some people will think their password submission will be insecure.
In short, deliver the page with the login form securely -- it'll make some users feel better.