If possible, write external css and js to files instead of using a query string (?bfa_ata_file=css and ?bfa_ata_file=js) to get rid of partially encrypted errors on SSL pages in Chrome (rex X-ed padlock), Firefox, and IE.
What did not work:
Using // syntax for the protocol.
Making sure there were no instances of http:// in CSS options or in the js.php file; $homeURL was reported correctly.
Removing the JS options from the header image.
The links displayed correctly in View Source as https://domain.com/?bfa_ata_file=x
, but Chrome (Developer Tools/Console) reported that the pages ran insecure content from http://domain.com/?bfa_ata_file=x
Writing the generated css and js to new files and referencing them in header.php and functions.php instead of the dynamic files.
It takes a little time to write the css and js to files if changed, but at least I can keep using Atahualpa with this site.