escher wrote:Your embedded content from kitco, weblinks247, duq2, coppercave, etc would still be http of course
This is the problem. Mixed content causes more headaches than it solves. There are 3000+ user signatures, nearly half a million posts, and many thousands of private messages, many of which include embedded content, and very little of that embedded content is served over https. The result is that browsers will throw warnings on most pages that there is a problem with the security / there is unsecure content / or even block that content by default. Then we get complaints that something is wrong with the site / security is broken / stuff isn't loading.
Making SSL really work on a forum site like this requires another layer to fetch external images/videos/audio and re-serve them to the site over https. It's not as simple as getting a free security certificate and making a few clicks in cPanel/WHM.
A more realistic option for now is to install a certificate and let phpBB handle which pages are served over https (the login pages). The problem here is that anybody using a browser option or browser add-on to force https connections will have the above mentioned problems and warnings anyway.