Experts on Demand
I want to protect against Web password sniffing, but don't want to drive the server to its knees by using SSL unnecessarily. How can you force all Web user authentication to be done through SSL (https) and then automatically break out of SSL (back to http) following authentication for maximum performance?

QUESTION POSED ON: 24 FEB 2005
QUESTION ANSWERED BY: Andre Guirard

I want to first give a disclaimer that I'm not really an HTTP security expert, but here's a way I think will work. You have to use session-based authentication (read about it in the help), because if you use browser-based authentication, the browser resends the login information with each page request. So you'll need a login form for the session-based login (the templates that come with Domino include an example), and I suppose put a $$Return field on it that redirects them to a URL that begins http:.

Of course, if someone is sniffing your line, then it can be almost as damaging to send the normal application data in the clear as it is to send passwords in the clear. After all, it's that private data you're trying to protect, right?

If security is a serious concern, then don't skimp on it. Get the hardware you need to make it really secure, not just sorta secure. If the encryption becomes a performance bottleneck, you can add Domino servers in a cluster (or buy more muscular servers, such as iSeries and up) to scale up to the number of users you need to support. Or use something that's less of a burden on the server (e.g., put it behind a firewall and let users access it via VPNs).

Other things you can do to limit the performance impact of SSL or other encryption are the usual performance-related Web site design practices for dealing with slow connections:

  • Make your graphics small (file size).

  • Make sure to have just one copy of each graphic, JavaScript resource, CSS and so on to maximize opportunities for browser caching.

  • Don't use in-line stylesheets or in-line JavaScript if it's the same on multiple pages. SRC= is your friend.

  • Do your input validations in JavaScript on the browser as much as possible, to limit the number of submits.

  • Use DHTML to update information on the current page rather than fetching a whole new page.

  • DHTML is also a good substitute for image rollovers -- you can get some very nice effects just changing the style of an element rather than loading two alternate graphics for each navigator image.

  • Use data binding to let users navigate through lots of information in a single page.

  • Use CSS rather than having lots of formatting tags within the page HTML, so that the HTML of the page is smaller.

  • Make a few larger pages rather than a bunch of smaller pages. A scroll bar is not necessarily an instrument of the devil.

  • Framesets can help reduce the amount of data sending required -- but it's more difficult to make them accessible, so use with caution.
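
An added example, not part of the original answer and not Domino code: a check a defender could run over a captured login response to see what the login-over-SSL, redirect-to-http setup described above exposes. After the redirect, the session cookie stands in for the password on every request, so a cookie without the Secure attribute travels in the clear. The URLs, cookie name and headers are constructed samples.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def audit_login_response(request_url, status, headers):
    """Return a list of findings for one login response.

    headers is a list of (name, value) pairs as captured from the server.
    """
    findings = []
    over_tls = urlsplit(request_url).scheme == "https"
    if not over_tls:
        findings.append("login posted over plain http: password is sniffable")
    for name, value in headers:
        lname = name.lower()
        if lname == "location" and over_tls and 300 <= status < 400:
            # A relative Location has no scheme and stays on https.
            if urlsplit(value).scheme == "http":
                findings.append(f"redirect leaves SSL: {value}")
        elif lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                if not morsel["secure"]:
                    findings.append(
                        f"cookie {key} lacks Secure: sent in clear on http requests"
                    )
    return findings


# Constructed sample: SSL login whose return URL drops back to http.
WEAK = (
    "https://example.test/names.nsf?Login",
    302,
    [("Location", "http://example.test/app.nsf"),
     ("Set-Cookie", "SessId=0123abcd; path=/")],
)

# Constructed sample: the same login kept on SSL, cookie restricted to it.
HARDENED = (
    "https://example.test/names.nsf?Login",
    302,
    [("Location", "https://example.test/app.nsf"),
     ("Set-Cookie", "SessId=0123abcd; path=/; Secure; HttpOnly")],
)

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_login_response(*sample))
```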