At work, the web application that I've been developing has always had this problem over a secure SSL link. On certain pages, before the document is fully loaded, a dialog box will popup telling me that "This page contains non-secure items, would you like to display those items?". Whether I choose 'Yes' or 'No' does not really make a difference, and the application can still be executed perfectly. However, this dialog box is really annoying to the point that many people in the office has turned off this checking in their Internet Explorer preferences.
Searching through trusted Google does not yield many useful result. Actually a lot of sites on the first result page actually state the same problem. They tell their custom to simply ignore the dialog box when they are using the application. It is not right! That's avoiding the problem! Until I hit this page on the DevShed.com...
It does not present a clear answer, but I think I found the solution on here.
Make Sure You Have SRC Attribute In Your IFRAME!
We have quite a few IFRAME tags in our code, either pre-generated or appended to the document using DOM. Many of them are pointing to a relative URL when they are created, however, some of them are just created as hidden place holders. They are used in DHTML to replace some DIV code because DIV does hover well above the editing widgets. They are created without a SRC attribute, because their documents are created on the fly! Because the document does not have an URL, Internet Explorer gets confused and thus yield a warning on displaying non-secure items.
It ends up as an easy fix - just create thus IFRAME's with SRC pointing to a dummy page using a relative URL.