Comment 2 for bug 637649

In Web browsers showing whether something is secure is the browser's job, because the Web site could fake it (or be mistaken more easily than the browser). I think the same principle should apply here: security should be shown in the chrome, not in the SSO page.

An ideal fix will need to wait until bug 618817 is fixed, but a simple fix now would be to stick a padlock icon in the status bar of the payment window.