I'm looking at all of these new Google SSL OpenSearch addons, and I'm not really sure how safe they are? They specify the https in the search url, but they send things via GET (appended to links).
I'm guessing GETs get encrypted later - after you've established the connection. But before you did, if you send a request to https not knowing it'll be encrypted (I'm guessing), then it's plain text until the second search, right?
Or is the server first contacted, and the encrypted connection established, and then the first GET gets sent?