you can force SSL on only some pages by adding the following code at line 1 of the pages to force SSL on:
<?php
//force redirect to secure page
if($_SERVER['SERVER_PORT'] != '443') { header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); }
?>
the pages that should be secured are checkout.php, confirm.php, checkout_success.php, pp_confirm.php, and pp_checkout_success.php