Ah, so that's why I see so many pointless https implementations out there. Example: at Penny Arcade, every link on the page is an http link, but they've configured their server to redirect http to https. It completely defeats the purpose of encryption, because all the redirects are in the clear, but hey, if it makes Google happy...