The add to cart button wont go to the secure server unless you tell it to.
If you want your entire site to be on the secure server, you can configure the server to redirect all http:// traffic to the https:// server. This is what I prefer to do.
If your server is apache, you can do this using an htaccess rule, contact your host, they should be able to help you set it up so that any request to http:// gets redirected to the https:// server.