As a compromise between SSL and plain http, wouldn't it be enough for most of the content to be signed? E.g. background images don't necessarily have to be encrypted. They can be sent in plain sight with a signature which ensures that the image hasn't been modified. The signature has to be computed only once so that the overhead can be neglected.