Today, most online retailers just use Secure HTTP when customers are logging into their accounts; conventional wisdom is that the overhead of https (encryption, special session management and other compute-gobbling elements) is just too costly for an entire E-Commerce site. But it may be time to rethink that. If YouTube can handle that security workload, there's a good chance it's not outside the reach of major retailers. Or think of it another way: If your customers come to understand that they can watch funny-kitten videos securely on YouTube, how unhappy will they be to learn that they can't have the same privacy and security in your online store?
Remember Firesheep, the free program that showed up last October and made it easy for almost anyone to hijack the Web browsing of other people using public Wi-Fi to visit social networks and popular Web sites? It turns out that YouTube didn't forget. Since February, the video-clip site has been quietly adding Secure HTTP to its pages (so YouTube's URLs begin with https: instead of http:), and at this point almost the entire site appears to be hijack-proof—at least by tools such as Firesheep.