They are still encrypted, but users will get mixed content warnings due to the site mixing http and https content. The best way is to remove the rather bizarre obfuscation of site paths and allow things to work how they're supposed to work.
I've also got E-portal and OWA on the same server on https, but they are opened in the same frame. When viewing OWA and Exportal in this frame, the browser doesn't report a secure connection, but when you look at the pages being loaded, they are coming from https source (they must be because both services are only available on https) You can get the front pages fo both services under the 'staff' section on the site.
My question is; are data transmissions on these services still actually encrypted when they are open in the frame like this, or would it be adviseable to have the links for these services opening up new windows rather than in the frame?
Opinions and ideas welcome.