I have noticed that when I view orders in my ADMIN section SSL is not forced. On top of that the CC info is displayed which means that we are passing sensitive customer data and CC info without using SSL
I am in the process of updating my ADMIN section to force SSL on Order and Customer pages, we also delete the CC info from the database after order processing (To be PCL compliant)
Just something the Nopcommerce team may want to fix for the next release