Ah, 99% sure that the issue is the image paths on the forum. All the header images etc. etc. were in place long before there was an SSL, so they are all calling the resource from the http:// version.
The browser sees this as being insecure (cross domain origin I think it calls it) and complains.
I think the only thing to do is to repoint all the image files, will ask Vain if there is an easy way to do it.
--A