If I'm not mistaken, the https everywhere addon for firefox forces this already? Sure it breaks a few of the more annoying features (like chat), but still.
As for identifying your friends photos for security, I wonder just how they'll implement that one. They surely (being the every privacy conscious bunch that they are) won't display my friends private pictures to any random person purporting to be me?
And that's assuming I can identify them from the random shit they get tagged in when its not them, their baby photos, or the 846,684 people I am "friends" with in addition to anyone I know! Stupid Mafia wars!