After Firesheep was released Github was re-architected to force SSL on all logged-in users. If your web application hosts sensitive customer data, you should consider this too. This talk goes into the Whys and the Hows, and highlights some possible pitfalls you may run into.
Rick is a Ruby developer at @github. He’s also developed several APIs for @entp.