Only the login is secure,
the way to make it totally secure is to change
Code:
define('HTTP_SERVER', 'http://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'http://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');
to

Code:
define('HTTP_SERVER', 'https://www.fontgarden.com');
  define('HTTPS_SERVER', 'https://www.fontgarden.com');
  define('HTTP_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');
  define('HTTPS_CATALOG_SERVER', 'https://www.fontgarden.com/fontshop');