I set the forum to use HTTPS by default, and the post buttons seem to load okay now. But yes, browsers will never accept it as being truly safe, since it uses mixed content. Might be easier to just turn SSL off on the whole AGS site, since there's no real need for it. Unless it's a truly closed system there'll still be enough holes for a determined hacker to get in anyway.