Did you know you could get a free SSL cert, that is, I think, trusted by all modern browsers, from StartSSL? I didn’t.
You can’t get a free wildcart cert, which is probably what a library or other enterprise IT organization would need. We’re using DigiCert here for a wildcard cert, their prices are decent, and their self-support website is pretty darn nice (unlike that crazy 1990’s looking limited-feature StartSSL one, heh).
These days, I think just about every web app should probably be https only — if it’s got a login feature, and you want to make the login secure and the logged-in sessions not hijackable, it’s pretty much the only way to go. . (And remember to set those cookies to secure=>true).
Discovered the free cert from StartSSL in this doc, about all the things you can get wrong even if you are using https, heh.