I don’t see why these two ideas are mutually exclusive, although I’d assume implementing SSL/TLS is not trivial. We do already link to the OpenSSL library, so I don’t know.
I personally would prefer a urn scheme to handle a bitcoin address. That would be perfect, although I would prefer to use the hostname on the right side.
Of course, I’m the kind of guy who might shop at thenerdsshop.com Smiley
For grandma, the entire bitcoin concept is pretty confusing at the moment. Even neglecting all the technical details, the UI still shows a huge string of numbers and letters (your receiving address) and best practices currently require you to deal with that every time you give someone your address.
Another option is to use something like what OpenID uses: hidden tags on the store’s (hopefully SSL) site. Then you could just enter a site’s URL as the receiving address. It would hit that site, search for something like Code:
Or some other form and try to send securely to that.