It's nice that being logged in makes the site default to HTTPS for most things, but there's an unfortunately large number of pages that still get served over HTTP, like any section using the old site layout, and curiously the "Create New Topic" page is also served over HTTP.
If you want to keep your user's cookies secure, it's really a binary thing - either everything is served over HTTPS when you're logged in, or the cookies aren't really secure. It would be nice to see this addressed.
As a sidenote, the website field in the profile editor is prefixed to always use http:// - it'd be nice if you this could made part of the field itself. To avoid any linking issues, you could simply stick http:// in front if someone were to forget to include the protocol.