Everyone agrees that it is best practice to use SSL, though some still don't however part of secure connections and their use is informing and educating the user as such EV SSL certificates being a prime example.

Though most hosts won't outlay for an EV certificate (us included) I have noticed many don't make a clear distinction when changing between secure and non secure sections of their site (ourselves included at present) though some do show pci compliance and other trust images.

In essence having the certificate isn't enough, many users still don't understand what the padlock is nor do they understand why it's important or how it affects them, for others it's very important but a certificate alone doesn't instil trust which is one of the purposes of SSL certificates.

any thoughts?