When you buy software in Ubuntu Software Center, or music in Rhythmbox, there's no indication that the connection is secure. I'd be concerned about buying software from a store that doesn't use SSL for their logon screen.
<https://wiki.ubuntu.com/SoftwareCenter#security>: "The “View” menu should contain a “Security Info” item that is insensitive by default ... Whenever the page is encrypted and the certificate is okay, at the trailing end of the navigation bar should be a padlock icon with the label “Secure”, and the “Security Info” item should be sensitive. If you choose either of those, a “Security Info” window should open with text “The connection to the store is encrypted.” and information about the connection and certificate."
In Web browsers showing whether something is secure is the browser's job, because the Web site could fake it (or be mistaken more easily than the browser). I think the same principle should apply here: security should be shown in the chrome, not in the SSO page.
An ideal fix will need to wait until bug 618817 is fixed, but a simple fix now would be to stick a padlock icon in the status bar of the payment window.