.....
I noticed that "http" is hardcoded in at least one place where it hurts.
In "Admin -> Blogs" all the "Backend" buttons which take you directly to the dashboard of the chosen blog, the link has a "http" which is hardcoded in the core php file. This is the exactly location
.....
Mmmmm, that is certainly not the only place it hurts. All the links to the pages have a (hardcoded) 'http://' in it. So I can open the newly created blogs, but not the pages in them.
Further, in the "Edit Blog" page for the blogs, the information still shows 'http', and I wouldn't know where to change it.
In the Edit page itself some fields can be changed (as is often the case with an Edit page), among which the SiteURL or the Home page. When I change these, and refresh the page, the changes turn out not to be stored.
So, some work really needs to be done for secure sites. It seems though, that the issue mentioned above already has the status 'solved'.
...
That should be changed to some selector which sniffs whether you are using http or https in the next wpmu release
....
That would be the nicest solution, but easier (and quicker) to implement would be checkbox ("Are you using a secured site?"), and have the setting stored in and read from the 'protocol' parameter (or something like that)
Meanwhile, I have moved my MU to the 'public_html' directory.