In our site certain pages use SSL, most pages however don\'t (as they need to be crawled by web bots).
It pretty much boils down to any page where the user is logged
It violates JavaScript's same-origin policy, because it doesn't see the HTTPS URL as being from the same source as the HTTP URL. You can get around this by using JSONP or setting a Access-Control-Allow-Origin
header in the response from the web service. Many web services will be setup to do this already.