For those of you, like me, that are using the "other" CMS (Mambo) and are scratching your heads over this issue, I believe I have a workaround.
After searching link by link (Page Info doesn't tell the whole story, folks), I found that mambojavascript.js was the "unsecure" item on my site.
My site also uses SMF, so I am already reading the VM config file through changes made to the SMF_header_include mambot found on the thread here:
http://forum.virtuemart.net/index.php?topic=21449#msg53229.
If you are not using SMF, then you will probably want to add this code somewhere (in the function function mosShowHead, perhaps?):
global $mosConfig_absolute_path;
require_once($mosConfig_absolute_path.'/administrator/components/com_virtuemart/virtuemart.cfg.php');
$vm_url = rtrim(URL, '/');
$vm_secureurl = rtrim(SECUREURL, '/');
Then you will want to open the file /includes/core.classes.php and
Replace:$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.mamboCore::get('mosConfig_live_site').'/includes/js/mambojavascript.js" type="text/javascript"></script>' : '';
With:if (@strstr($_REQUEST['page'], "checkout.") || @strstr($_REQUEST['page'], "account.")) {
$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.SECUREURL.'/includes/js/mambojavascript.js" type="text/javascript"></script>' : '';
} else {
$head['mambojavascript'] = $my->id ? '<script language="JavaScript1.2" src="'.mamboCore::get('mosConfig_live_site').'/includes/js/mambojavascript.js" type="text/javascript"></script>' : ''; // commented out
}
I know this isn't perfect, but I'm just a hack and it seems to work.
Hopefully this helps someone else.
Take care,