Everything works great with paypal except after payment is made and the user click to return back to my site, it's not even broken it's just that paypal returns the user back to the non-secure web site and it gives a warning to the user that the information may not be encrypted.
 
Is there a way to get Paypal to go back to the secure site?
 
I've tried the obvious which would be changing 'return' to {secure_url}order_final.php instead of {site_url}order_final.php but then I get a 404 error, this also goes for the 'cancel_return' option.
 
Any ideas?

we have been trying with zero sucsess... users get a 1056 db error

A more serious variant of this issue:
 
Due to Ie8 enforcing the standard that a form cannot be embedded within another form, I need to iFrame the buttons and other paypal functionality (that are implemented as forms), out to separate asp.net modules. So far, seamless user experience.
 
However, when the user clicks on a button, does whatever on the paypal site, and clicks 'Continue Shopping' then they are returned to a blank page with a paypal button on it! (being the separate module).
 
I wish to use the return address to return to the 'head' page, but it seems not to work.
 
I can't believe that Paypal doesn't have a solution for this, given the install-base of ASP.Net and Ie8 these days.