You're completely right and in fact all URLs where your login credentials are transfered (login, signup, change password) are guaranteed to be SSL regardless of which plan you're on.
If SSL is too expensive for the Basic plan, consider dropping it altogether, or increasing it to EUR 9.95. You can also slash the free plan in half (1 project, 5 MB, 50 tasks) to encourage people to move on to paid; one project is more than enough to decide if the tool is for you.
I can't help thinking the github model might work here: publicly viewable mindmaps are free and you pay to restrict access to specific signed in users. Privacy is a better selling point than security, and some publicly shared mindmaps will generate backlinks.
