As far as I can tell, there are no unsecure items --- when I browse to the site with IE7 or FireFox 3 I don't get any such warning, but if I hit the site with IE6 I get the security informaiton dialog box "This page contains both secure and nonsecure items Do you want to display te nonsecure items?"
How can I track down the cause of that message?
If you have a link that starts with http:// instead of https:// it'll flag those warnings.
The good news is that at least some commercial websites (like Adobe, for Flash) provide https:// versions of their site that redirect to http:// so that you can get around those warnings.
Since you mentioned IE6; I'd also check your security level setting in IE6.
Use Fiddler, after clearing your cache. It'll show everything that your web browser fetches from the remote site. Look for anything that's not https.
Cross-site images often caused this problem for me in the past.
If you are using Firefox, you can use the HttpFox Add-on to do what Eric TenEyck suggested you do with Fiddler.
Plus make sure in your IE7 Security Settings you have Display mixed content set to "Prompt".
As it turns out it has nothing to do with nonsecure traffic per se, but with a hack that one of the HTML boys did --- they have an empty iframe (without a source) that they place on the page, so they can then do some placed content on top of that --- gut the iframe out of the code and the warning dialog box went away. IE7/8 and FF doesn't do it.
AFter adding a blank.gif we're able to https to that gif (what a pain) and now it's all good.