Nothing frustrates me more as when I try to login on a secured site and images, CSS, javascript files, and other content files are not secured. For instance, I went to retrieve/reset my password on last.fm and found this:

error

A general rule of thumb is that your content should be hosted on a self-hosted or third party content delivery network (CDN) on both HTTP and HTTPS protocols. Secured pages should only reference HTTPS linked files.