Well, you might think that there is no 'need' for ssl on the whole site, but it wouldn't hurt.

Anyway, that's why I say "at least login" - I don't like what I say to go plain text across the internets - but yeah, login page could be enough