SHA1 encryption has nothing to do with the choice to use SSL. It can be used on plan HTTP pages or on secure HTTPS pages.
HTTPS should be used all the time on checkout page where credit card info is transmitted.
It is considered a good practice to use HTTPS on login and registration pages, but it is not required.
look at gmail and face book as an example.
with gmail, the login page always uses HTTPS. Face book however, uses plain HTTP, they have an option to turn on secure login in the preferences though.