There are a couple reasons for doing it this way:
1) Personally, I find it a better shopping experience when I am on the secure https:// server from the start. It demonstrates to me that the store developer has my security in mind.
I am more willing to continue through adding items to the cart and check out if the entire process is behind the secure server.
2) Redirecting to the secure https:// server when going from the cart page to the checkout page, then ensuring that they are not directed back to the unsecure server at any time until the checkout has been processed takes a _lot_ more work and planning.